On 2017-04-09, Thuban <thu...@yeuxdelibad.net> wrote:
> * Hiltjo Posthuma <hil...@codemadness.org> le [09-04-2017 11:42:23 +0200]:
>> On Sat, Apr 08, 2017 at 08:48:43PM +0200, Thuban wrote:
>> > Hello,
>> > I use relayd to deal with HTTP headers as suggested here [1].
>> > My problem is that in httpd logs, the origin IP is 127.0.0.1 and that's
>> > not very handy to track bruteforce attacks (for example).
>> > 
>> > Do you have any advice to keep the visitor IP in logs?
>> > 
>> > [1] : https://github.com/reyk/httpd/wiki/Using-relayd-to-add-Cache-Control-headers-to-httpd-traffic
>> > -- 
>> > :thuban:
>> > 
>> 
>> Hey,
>> 
>> It's commonly done by adding an X-Forwarded-For header with the origin IP.
>> 
>> From the relayd.conf(5) man page:
>> 
>>            http protocol "https" {
>>                    match header append "X-Forwarded-For" \
>>                            value "$REMOTE_ADDR"
>>                    match header append "X-Forwarded-By" \
>>                            value "$SERVER_ADDR:$SERVER_PORT"

"append" isn't good here, you don't want to trust whatever the client
sends in headers.

> That's exactly what I use, but it doesn't seem to work:
>
>       # snip from httpd logs
>       test.yeuxdelibad.net 127.0.0.1 - - [09/Apr/2017:11:47:54 +0200] "GET / HTTP/1.0" 200 0

You need to configure the webserver to log those headers. I don't
think httpd(8) allows it though.

> I tried to use "transparent" keyword but relay fails in this case.

This would be simpler as you then don't need to worry about changing
webserver logging or what the client sends in headers. I think it would
be better to debug this instead.
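
The concern raised above about "append", as an added example that is not part of the original thread: a simplified Python model of a relay that either appends to or overwrites X-Forwarded-For, plus a log-side function that only believes hops added by a trusted proxy. The function names, the sample addresses, the comma-joined append format and the loopback-only trusted proxy list are assumptions made for illustration.

```python
import ipaddress

# Assumption: the only proxy in front of the web server is the relay on loopback.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def proxy_forward(headers, remote_addr, action):
    """Model a relay rewriting X-Forwarded-For with 'append' or 'set'."""
    out = dict(headers)
    existing = out.get("X-Forwarded-For")
    if action == "append" and existing:
        # Whatever the client sent stays in front of the real address.
        out["X-Forwarded-For"] = f"{existing}, {remote_addr}"
    else:  # 'set', or 'append' when the client sent no such header
        out["X-Forwarded-For"] = remote_addr
    return out


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff):
    """Address to log: the nearest hop that is not a trusted proxy."""
    if not is_trusted(peer_addr):
        return peer_addr  # direct connection: ignore the header entirely
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):  # rightmost entry was added by our own relay
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: stop, never look further left
    return peer_addr


# Constructed request: the client at 203.0.113.7 sends its own header value.
FORGED = {"Host": "example.org", "X-Forwarded-For": "198.51.100.99"}
CLIENT = "203.0.113.7"

if __name__ == "__main__":
    for action in ("append", "set"):
        xff = proxy_forward(FORGED, CLIENT, action)["X-Forwarded-For"]
        leftmost = xff.split(",")[0].strip()
        print(f"{action:6} XFF={xff!r} leftmost={leftmost} "
              f"logged={client_ip('127.0.0.1', xff)}")
```

With "append", a consumer that reads the leftmost entry records the client-chosen 198.51.100.99; with "set", or when reading from the right and skipping trusted proxies, the recorded address is the one the relay actually saw.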
