Re: [users@httpd] How to display the True-Client-IP header in the access log

2021-10-19 Thread Rainer Canavan
On Tue, Oct 19, 2021 at 1:44 PM Mason Hayes wrote:
>
> Hi, All
>
> When Apache is accessed via a CDN (Akamai), I would like to record the IP of 
> the accessing client in the Apache logs.
> In order to display the True-Client-IP header sent by Akamai in the access 
> log like X-Forwarded-For, do I have to change the LogFormat setting in 
> httpd.conf as follows?
>
> LogFormat "%{True-Client-IP}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

That looks OK, but you may want to look into using
https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
You would have to set RemoteIPHeader to True-Client-IP and, since
Akamai to my knowledge doesn't publish a list of its source IPs,
consider some kind of authentication, e.g. basic auth
https://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html to protect
the vhost from access without Akamai. Otherwise anyone would be able
to fake an arbitrary source IP in your logs.

rainer

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
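
The mod_remoteip setup suggested in the reply above, written out as an added example that is not part of the original thread. The file paths, the realm name, the `cdn_combined` nickname and the assumption that the CDN is configured to send Basic credentials on every origin request are placeholders, not values from the posters.

```apache
# Constructed example. Paths, realm and format nickname are placeholders.

# Server config level (not inside a vhost): load the module.
LoadModule remoteip_module modules/mod_remoteip.so

# --- Weak: header copied into the log exactly as received -------------
# Any client that reaches the origin directly can send its own
# True-Client-IP value, and it is logged as if the CDN had set it.
#LogFormat "%{True-Client-IP}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

# --- Corrected: inside the <VirtualHost> the CDN uses as origin -------

# Take the client address from the CDN's header. From here on %a,
# REMOTE_ADDR and "Require ip" all see the header value.
RemoteIPHeader True-Client-IP

# Only authenticated requests are served, so a request that bypasses
# the CDN is rejected with 401 instead of being served with a
# client address of the sender's choosing.
# Assumption: the CDN adds an Authorization header to origin requests.
<Location "/">
    AuthType Basic
    AuthName "origin"
    AuthBasicProvider file
    AuthUserFile "/etc/httpd/conf/origin.htpasswd"
    Require valid-user
</Location>

# %a     = client address after mod_remoteip has applied the header
# %{c}a  = address of the TCP peer (the CDN edge, or a direct caller)
# %u     = authenticated user, i.e. the CDN's origin account
LogFormat "%a %{c}a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" cdn_combined
CustomLog "logs/access_log" cdn_combined
```

Logging `%{c}a` next to `%a` keeps the real peer address on every line, so 401 entries show where unauthenticated requests actually came from.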



Re: [users@httpd] How to display the True-Client-IP header in the access log

2021-10-19 Thread Jim Albert

On 10/19/2021 7:43 AM, Mason Hayes wrote:
> Hi, All
>
> When Apache is accessed via a CDN (Akamai), I would like to record the 
> IP of the accessing client in the Apache logs.
> In order to display the True-Client-IP header sent by Akamai in the 
> access log like X-Forwarded-For, do I have to change the LogFormat 
> setting in httpd.conf as follows?
>
> LogFormat "%{True-Client-IP}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
>
> If anyone has had any success with True-Client-IP showing up in the 
> logs, please let me know.
>
> Regards,

If the real client IP is not in X-Forwarded-For you'll need to know what 
environment variable it is supplied in. You should be able to write some 
server side code to list all the environment variables and their values 
presented to you by the web server. That variable in Apache for me is 
X-Forwarded-For.


Jim





RE: [users@httpd] How to display the True-Client-IP header in the access log

2021-10-19 Thread Marc
With haproxy you have an option to enable a proxy protocol; this transmits the 
client IP. I guess something similar must exist in your case.

> 
> When Apache is accessed via a CDN (Akamai), I would like to record the
> IP of the accessing client in the Apache logs.
> In order to display the True-Client-IP header sent by Akamai in the
> access log like X-Forwarded-For, do I have to change the LogFormat setting
> in httpd.conf as follows?
> 
> LogFormat "%{True-Client-IP}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
> 
> If anyone has had any success with True-Client-IP showing up in the
> logs, please let me know.
> 
> Regards,
> 

