**Elasticsearch version: 7.17.12
**Server OS version: Rocky Linux release 8.8 (Green Obsidian)
**Kibana version (if relevant): 7.17.12
**Describe the issue:
SG is unable to parse chained proxy
**Steps to reproduce: Put an Apache server in front of a kibana server
**Expected behavior: No error message
The relevant section:
network: trusted_proxies: "10.x.x.x" http: remote_ip_header: "x-forwarded-for"
I see in Elastic logs:
org.elasticsearch.index.mapper.MapperParsingException: failed to parse field [audit_rest_request_headers.x-forwarded-for] of type [ip] in document with id '40cSRooBAzpFVtZfD7e1'. Preview of field's value: '10.y.y.y,127.0.0.1'
The first one (10.y.y.y) is the real one, the second is added by Apache, because it’s configured to use a proxy:
<Proxy balancer://kibana> BalancerMember http://localhost:5601 responsefieldsize=65535 BalancerMember http://localhost:5602 responsefieldsize=65535 ProxySet lbmethod=bytraffic </Proxy>
A sequence of IP in
x-forwarded-for is an expected behaviour, SG should not fails on it.