On 4/25/07, Foster, Stephen (ASPIRE) <[EMAIL PROTECTED]> wrote:
This format works fine and logs the client IP and the host that the request is intended to go to for locally served content such as gif's etc. However for objects that get proxied of to the other backend servers i get a log entry with the client IP added with a comma after it, e.g 2007-04-23 09:16:11 10.101.212.165, 10.101.212.165 dit3.x.y.uk GET /login?GAREASONCODE=-1&GARESOURCEID=Common&GAURI=https://dit3.x.y.uk/home&Reason=-1&APPID=Common&URI=https://dit3.x.y.uk/home HTTP/1.1 200 9090 310672 ?GAREASONCODE=-1&GARESOURCEID=Common&GAURI=https://dit3.x.y.uk/home&Reason=-1&APPID=Common&URI=https://dit3.x.y.uk/home Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 - -
The issue is that when apache is acting in proxy mode, it too will add content to the X-Forwarded-For header, resulting in two comma-separated IP addresses. I see a couple unexplained things here, however: 1. I'm not sure why you are getting the same IP twice in X-Forwarded-For. You should get the original IP (placed there by the load balancer) and then the load balancer's IP (placed there by apache). 2. It would be nice if mod_log_config was logging the actual request headers here, rather than the request headers after modification by mod_proxy. That may be an architectural flaw that is difficult to correct. One possible solution is to use a module like mod_extract_forwarded to replace the normal REMOTE_ADDR with the X-Forwarded-For content. Then you could log the client IP address as usual. But I'm not sure how that will work in the presence of mod_proxy. So I don't have a complete solution for you, but I hope that helps you understand the problem a little better. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
