Re: [users@httpd] How to display the True-Client-IP header in the access log
On Tue, Oct 19, 2021 at 1:44 PM Mason Hayes wrote: > > Hi, All > > When Apache is accessed via a CDN (Akamai), I would like to record the IP of > the accessing client in the Apache logs. > In order to display the True-Client-IP header sent by Akamai in the access > log like X-Forward-For, do I have to change the Logformat setting in > httpd.conf as follows? > > Logformat > "%{True-Client-IP}i %h %l %u %t˶~˵"%r\" %>s %b˶~˵"%{Referer}i\" > \%{User-Agent}i\" combined That looks OK, but you may want to look into using https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html You would have to set RemoteIPHeader to True-Client-IP and, since Akamai to my knowledge doesn't publish a list of its source IPs, consider some kind of authentication, e.g. basic auth https://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html to protect the vhost from access without Akamai. Otherwise anyone would be able to fake an arbitrary source IP in your logs. rainer - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] How to display the True-Client-IP header in the access log
On 10/19/2021 7:43 AM, Mason Hayes wrote: Hi, All When Apache is accessed via a CDN (Akamai), I would like to record the IP of the accessing client in the Apache logs. In order to display the True-Client-IP header sent by Akamai in the access log like X-Forward-For, do I have to change the Logformat setting in httpd.conf as follows? Logformat "%{True-Client-IP}i %h %l %u %t˶~˵"%r\" %>s %b˶~˵"%{Referer}i\" \%{User-Agent}i\" combined If anyone has had any success with True-Client-IP showing up in the logs, please let me know. Regards, If the real client IP is not in X-Forwarded-For you'll need to know what environment variable it is supplied in. You should be able to write some server side code to list all the environment variables and their values presented to you by the web server. That variable in Apache for me is X-Forwarded-For. Jim - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] How to display the True-Client-IP header in the access log
With haproxy you have an option to enable a proxy protocol, this transmits the client ip. I guess something similar must exist in your case. > > When Apache is accessed via a CDN (Akamai), I would like to record the > IP of the accessing client in the Apache logs. > In order to display the True-Client-IP header sent by Akamai in the > access log like X-Forward-For, do I have to change the Logformat setting > in httpd.conf as follows? > > Logformat > "%{True-Client-IP}i %h %l %u %t˶~˵"%r\" %>s %b˶~˵"%{Referer}i\" \%{User- > Agent}i\" combined > > If anyone has had any success with True-Client-IP showing up in the > logs, please let me know. > > Regards, > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org