Re: [Pound Mailing List] apache/modsecurity in front of load balancer

Wed, 24 Jan 2018 13:59:53 -0800 

You don’t, at least not without some patching.  You pick a log format by number 
- not with a LogFormat formula like you would in Apache.

That said, all the headers are parsed in the get_headers method, stored in the 
headers variable - and they're looped over in http.c (if you look for case 
HEADER_REFERER for instance), so you could add another header in svc.c, case 
statement to identify your chosen header, add a new case statement, allocate a 
variable in thr_http to store it, and do the logic in there (i.e. only accept 
if local address is 127.0.0.1 for security reasons) and then modify the logmsg 
statements that reference from_host and/or caddr in http.c - the log levels are 
based on the lstn->log_level and they're just printf format.

So it's not terribly difficult, depending on how comfortable you are with C. 
(Or how persuasive you can be convincing someone who does know C to do it for 
you)



-- 
Joe

Confidentiality Notice: This e-mail transmission may contain confidential and 
legally privileged information that is intended only for the individual named 
in the e-mail address. If you are not the intended recipient, you are hereby 
notified that any disclosure, copying, distribution, or reliance upon the 
contents of this e-mail message is strictly prohibited. If you have received 
this e-mail transmission in error, please reply to the sender, so that proper 
delivery can be arranged, and please delete the message from your mail box.
 
 
 


------
From: Brad Allison <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Wednesday, January 24, 2018 at 3:42 PM
To: "[email protected]" <[email protected]>
Subject: Re: [Pound Mailing List] apache/modsecurity in front of load balancer

Anyone know?

On Fri, Dec 15, 2017 at 11:39 AM, Brad Allison <mailto:[email protected]> 
wrote:
I have apache/modsecurity running locally on the same server as my pound 
server.  It takes the connections and runs the WAF rules, then hands them to 
pound. 

Problem is, pound is logging all connections as 127.0.0.1 because they are 
coming locally from apache.

Since pound used syslog to log, how do I add X-ForwardFor to the log format for 
pound so I can see the actual IP of the source of the request in the pound logs.

-b


N�����r��zǧu�ޙ���+a���y�n�˛���m�h���u�l��!>W���(�֜��,z��+��+�笶*'

Reply via email to