LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 07-10-2013, 04:53 AM   #1
wills
LQ Newbie
 
Registered: Jun 2008
Posts: 28

Rep: Reputation: 0
Apache X-Forwarded-For and logging.


I'm setting up our Apache servers behind a content switch with SNAT, and as a result, the client-IP address will always be one from the NAT-pool of the content switch. The only option I have is to inject X-FORWARDED-FOR in the HTTP header, which I've already done so.

I'm trying to figure out the Apache part, and here is what I've got so far:

Code:
 <IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" "proxy"
    #LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" "combined"
    LogFormat "%h %l %u %t \"%r\" %>s %b %D" "combined"
  </IfModule>
 SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "/var/www/vhosts/test/logs/access.log" "combined" env=!forwarded
CustomLog "/var/www/vhosts/test/logs/proxy.log" "proxy" env=forwarded
This works really great, but I can't figure out how to log everything to access.log instead of proxy.log (redundant).

I'm lost, help!
 
Old 07-10-2013, 05:19 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Well you just change that CustomLog line to go to the access.log file.
 
Old 07-10-2013, 05:27 AM   #3
wills
LQ Newbie
 
Registered: Jun 2008
Posts: 28

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie View Post
Well you just change that CustomLog line to go to the access.log file.
Interestingly enough, when I do that, Apache continues to log the IP address of the proxy, not the X-Forwarded-For header. It's really strange to me.
 
Old 07-10-2013, 06:07 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
what does your config look like then?

I presume this was what you copied, and is as I would expect...

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded

http://www.techstacks.com/howto/log-...in-apache.html

Last edited by acid_kewpie; 07-10-2013 at 06:11 AM.
 
Old 07-10-2013, 05:43 PM   #5
wills
LQ Newbie
 
Registered: Jun 2008
Posts: 28

Original Poster
Rep: Reputation: 0
That's where I got it from, yes, but there is a bit more to mine:

Code:
  <IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" "combined"
    #LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" "combined"
    LogFormat "%h %l %u %t \"%r\" %>s %b %D" "combined"
  </IfModule>

  LogLevel warn

    SetEnvIf Remote_Addr 127.0.0.1 nolog
    SetEnvIf Remote_Addr 10.20.50.26 nolog
    SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded

  ErrorLog /var/www/vhosts/test/logs/error.log
  #CustomLog /var/www/vhosts/test/logs/access.log "combined" env=!nolog
  CustomLog "/var/www/vhosts/test/logs/access.log" "combined" env=!forwarded
  CustomLog "/var/www/vhosts/test/logs/access.log" "proxy" env=forwarded
I'm positive I'm missing something, because I'm not paying enough attention to the config, though not sure what at this point since I'm not familiar with the logging setup, etc.
 
Old 07-11-2013, 03:37 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Yes, there is more to yours, and it breaks it completely. You have defined the "combined" format 3 different times, and have no "proxy" format referenced at any point. Look at the original example again, and cross reference what's actually going on with the article and supported Apache documents.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache logging Cyked Linux - Server 2 10-26-2009 02:41 PM
Apache logging question... ddenton Linux - Server 1 08-23-2007 06:42 AM
logging Apache 5paack Fedora 2 12-19-2006 10:32 AM
Apache mod_security logging everything? ridertech Linux - Security 2 08-13-2004 02:10 PM
Apache logging WiWa Linux - Software 2 08-13-2003 03:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration