On Sun, Apr 09, 2017 at 11:51:25AM +0200, Thuban wrote:
> * Hiltjo Posthuma <hil...@codemadness.org> on [09-04-2017 11:42:23 +0200]:
> > On Sat, Apr 08, 2017 at 08:48:43PM +0200, Thuban wrote:
> > > Hello,
> > > I use relayd to deal with HTTP headers as suggested here [1].
> > > My problem is that in httpd logs, the origin IP is 127.0.0.1 and that's
> > > not very handy to track bruteforce attacks (for example).
> > >
> > > Do you have any advice to keep the visitor IP in logs?
> > >
> > > [1] :
> > > https://github.com/reyk/httpd/wiki/Using-relayd-to-add-Cache-Control-headers-to-httpd-traffic
> > > --
> > > :thuban:
> > >
> >
> > Hey,
> >
> > It's commonly done by adding an X-Forwarded-For header with the origin IP.
> >
> > From the relayd.conf(5) man page:
> >
> > http protocol "https" {
> >     match header append "X-Forwarded-For" \
> >         value "$REMOTE_ADDR"
> >     match header append "X-Forwarded-By" \
> >         value "$SERVER_ADDR:$SERVER_PORT"
> >
> >     ... snip snip ...
> > }
> >
>
> That's exactly what I use, but it doesn't seem to work:
>
> # snip from httpd logs
> test.yeuxdelibad.net 127.0.0.1 - - [09/Apr/2017:11:47:54 +0200] "GET / HTTP/1.0" 200 0
>

Hey,

In my example you should also log the "X-Forwarded-For" header in relayd or
your httpd. The source IP and headers were modified (non-transparent).

relayd can log headers (and other data) using for example:

    match header log "User-Agent"

Additionally it can be useful to edit /etc/syslog.conf to log this to a
separate file like /var/log/relayd.

--
Kind regards,
Hiltjo
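
Added example, not part of the thread: once the X-Forwarded-For value is logged, this sketch attributes failed requests to the right address for brute-force tracking. It assumes relayd's `append` puts `$REMOTE_ADDR` after any value the client already sent, so only the rightmost entry is reliable; the function names and the sample records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: relayd runs on the same host as httpd, as in the thread,
# so httpd sees 127.0.0.1 as the peer for relayed requests.
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}


def client_from_xff(peer, xff, trusted=TRUSTED_PROXIES):
    """Pick the address a request should be attributed to.

    Only the entry appended by a trusted relay is reliable; anything to its
    left was supplied by the client and can be forged.
    """
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in trusted or not xff:
        return str(peer_ip)  # not relayed: ignore the header entirely
    # Walk right to left, skipping our own relays.
    for entry in reversed(xff.split(",")):
        try:
            ip = ipaddress.ip_address(entry.strip())
        except ValueError:
            break  # malformed entry: stop trusting the header
        if ip not in trusted:
            return str(ip)
    return str(peer_ip)


def failed_logins(records):
    """Count 401 responses per attributed client address."""
    hits = Counter()
    for peer, xff, status in records:
        if status == 401:
            hits[client_from_xff(peer, xff)] += 1
    return hits


# Constructed sample records: (peer seen by httpd, X-Forwarded-For, status).
SAMPLE = [
    ("127.0.0.1", "203.0.113.7", 401),
    ("127.0.0.1", "10.0.0.1, 203.0.113.7", 401),     # client forged a leading entry
    ("127.0.0.1", "198.51.100.9,203.0.113.7", 401),  # forged again, no space
    ("127.0.0.1", "192.0.2.44", 200),
    ("192.0.2.50", "127.0.0.1", 401),                # direct hit, header ignored
]

if __name__ == "__main__":
    for addr, count in failed_logins(SAMPLE).most_common():
        print(addr, count)
```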