* Hiltjo Posthuma <[email protected]> on [09-04-2017 11:42:23 +0200]:
> On Sat, Apr 08, 2017 at 08:48:43PM +0200, Thuban wrote:
> > Hello,
> > I use relayd to deal with HTTP headers as suggested here [1].
> > My problem is that in httpd logs, the origin IP is 127.0.0.1 and that's
> > not very handy to track bruteforce attacks (for example).
> >
> > Do you have any advice to keep the visitor IP in logs?
> >
> > [1] :
> > https://github.com/reyk/httpd/wiki/Using-relayd-to-add-Cache-Control-headers-to-httpd-traffic
> > --
> > :thuban:
> >
>
> Hey,
>
> It's commonly done by adding an X-Forwarded-For header with the origin IP.
>
> From the relayd.conf(5) man page:
>
> http protocol "https" {
>         match header append "X-Forwarded-For" \
>                 value "$REMOTE_ADDR"
>         match header append "X-Forwarded-By" \
>                 value "$SERVER_ADDR:$SERVER_PORT"
>
>         ... snip snip ...
> }
>
That's exactly what I use, but it doesn't seem to work:

# snip from httpd logs
test.yeuxdelibad.net 127.0.0.1 - - [09/Apr/2017:11:47:54 +0200] "GET / HTTP/1.0" 200 0

Here is my full relayd.conf.
I tried to use the "transparent" keyword, but the relay fails in this case.

# cat /etc/relayd.conf
table <local> { 127.0.0.1 }
ext_ip = 192.168.1.2

http protocol "http" {
        tcp { nodelay, sack, socket buffer 65536, backlog 100 }
        match response header set "Cache-Control" value "max-age=1814400"
        match request header remove "Proxy"
        match response header set "X-Xss-Protection" value "1; mode=block"
        match response header set "Frame-Options" value "SAMEORIGIN"
        match response header set "X-Frame-Options" value "SAMEORIGIN"
        match header append "X-Forwarded-For" \
                value "$REMOTE_ADDR"
        match header append "X-Forwarded-By" \
                value "$SERVER_ADDR:$SERVER_PORT"
        return error
}

relay "www" {
        listen on $ext_ip port 80
        protocol "http"
        forward to <local> port 8080 check tcp
}

Regards.
--
:thuban:
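
Added example, not part of the original thread and not code from relayd or httpd: because the configuration above uses "append", a client that sends its own X-Forwarded-For gets relayd's $REMOTE_ADDR added after it, so only the right-most entry is trustworthy when counting failed logins per visitor. The record layout, the TRUSTED_PROXIES set, the sample data and the function names are assumptions made for this sketch.

```python
import ipaddress
from collections import Counter

# Assumption: addresses of proxies we operate ourselves (relayd on loopback).
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}

# Constructed sample records: (TCP peer, X-Forwarded-For value, HTTP status)
SAMPLE = [
    ("127.0.0.1", "203.0.113.7", 401),
    ("127.0.0.1", "10.0.0.1, 203.0.113.7", 401),   # first entry forged by client
    ("127.0.0.1", "198.51.100.9", 200),
    ("127.0.0.1", "192.0.2.1, 203.0.113.7", 401),  # another forged prefix
    ("198.51.100.50", "127.0.0.1", 401),           # not via the proxy: header ignored
]


def client_ip(peer, xff):
    """Return the address a request should be attributed to."""
    peer_ip = ipaddress.ip_address(peer)
    # A header received from an untrusted peer is client-controlled: ignore it.
    if peer_ip not in TRUSTED_PROXIES or not xff:
        return str(peer_ip)
    # Walk right to left: the right-most entry was appended by our proxy,
    # everything further left was supplied by whoever connected to it.
    for entry in reversed([e.strip() for e in xff.split(",")]):
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            break  # malformed entry: trust nothing to its left
        if ip not in TRUSTED_PROXIES:
            return str(ip)
        peer_ip = ip
    return str(peer_ip)


def failed_by_client(records):
    """Count 401 responses per attributed client address."""
    hits = Counter()
    for peer, xff, status in records:
        if status == 401:
            hits[client_ip(peer, xff)] += 1
    return hits


if __name__ == "__main__":
    for ip, n in failed_by_client(SAMPLE).most_common():
        print(ip, n)
```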