In ML v8.0.1+ if the application is using the declarative rewriter,
( port 8000 and newly created REST servers do, user created HTTP servers can
choose to supply a custom declarative rewriter ) -
the rewriter can log a 'trace' event with the value of any HTTP header, which
could be the - ("X-Forwarded-For")
This will end up in ErrorLog.txt not AccesLog.txt.
The format of the AccessLog is fixed.
It uses the directly connected IP address, and if available also the referrer,
response-code, method, url, version, username , content-length, referrer, and
user agent.
-----------------------------------------------------------------------------
David Lee
Lead Engineer
MarkLogic Corporation
d...@marklogic.com
Phone: +1 812-482-5224
Cell: +1 812-630-7622
www.marklogic.com
-----Original Message-----
From: general-boun...@developer.marklogic.com
[mailto:general-boun...@developer.marklogic.com] On Behalf Of David Sewell
Sent: Friday, June 05, 2015 5:06 PM
To: MarkLogic Developer Discussion
Subject: Re: [MarkLogic Dev General] How to make ML show x-forwarded-for IP
address in ML access logs
Sorry, I didn't answer the question you actually asked... it would probably
require a low-level intervention in the MarkLogic code to change what gets
written to the access log, no clue about that.
Sorry but would be interested to learn there is a solution,
David
On Fri, 5 Jun 2015, David Sewell wrote:
> xdmp:get-request-header("X-Forwarded-For") ought to do it (if the HTTP
> server is creating a header with just that spelling; that's what Apache does).
>
> We have a function we use to determine the actual source IP address
> that you might be able to use or adapt:
>
> (:~
> : Ascertain IP address masked by Apache rewrites.
> :
> : @return The actual client address.
> :)
>
> declare function user:get-actual-client-address() as xs:string {
> let $apparentIP := xdmp:get-request-client-address()
> let $forwardedFrom := xdmp:get-request-header("X-Forwarded-For")
> return
> if ((exists($forwardedFrom)) and ($apparentIP eq '127.0.0.1'))
> then tokenize($forwardedFrom, ', ')[last()]
> else $apparentIP
> };
>
> David
>
> On Fri, 5 Jun 2015, Danny Sinang wrote:
>
>> Our ML cluster is behind a load balancer, so the source ip address of
>> the ML access logs show the load balancer's IP address.
>>
>> I'm told that the load balancer injects into the http request header
>> the actual client ip address as "x-forwarded-for".
>>
>> Is there a way to make ML display the contents of this
>> x-forwarded-for field ?
>>
>> Regards,
>> Danny
>>
>
>
--
David Sewell, Editorial and Technical Manager ROTUNDA, The University of
Virginia Press PO Box 400314, Charlottesville, VA 22904-4314 USA
Email: dsew...@virginia.edu Tel: +1 434 924 9973
Web: http://rotunda.upress.virginia.edu/
_______________________________________________
General mailing list
General@developer.marklogic.com
Manage your subscription at:
http://developer.marklogic.com/mailman/listinfo/general
_______________________________________________
General mailing list
General@developer.marklogic.com
Manage your subscription at:
http://developer.marklogic.com/mailman/listinfo/general
