Aw: Re: [users@httpd] X-Forward-For in ssl_access_log / apache behind WAF

Morel Mosolff Thu, 05 Oct 2017 23:49:58 -0700

Hi Yann
unfortunately that makes no difference.

It don't works even if I only try to block one ip-address like this: SetEnvIf 
Remote_Addr "1\.2\.3\.1" wav
but the output is slighly different (see below)


        LogFormat "%l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" 
combined
        LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b 
\"%{Referer}i\" \"%{User-Agent}i\"" proxy
        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
        CustomLog "logs/ssl_access_log" combined env=!forwarded
        CustomLog "logs/ssl_access_log" proxy env=forwarded
        SetEnvIf Remote_Addr "1\.2\.3\.1" wav
        CustomLog "logs/ssl_access_log" proxy env=!waf

before (deny two ip's):
10.1.2.1 - - [06/Oct/2017:08:37:12 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.2 - - [06/Oct/2017:08:37:13 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.1 - - [06/Oct/2017:08:37:17 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.2 - - [06/Oct/2017:08:37:18 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.1 - - [06/Oct/2017:08:37:22 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.2 - - [06/Oct/2017:08:37:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"


after (deny one ip):
10.1.2.1 - - [06/Oct/2017:08:37:32 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- 10.1.2.1 - - [06/Oct/2017:08:37:32 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.2 - - [06/Oct/2017:08:37:33 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- 10.1.2.2 - - [06/Oct/2017:08:37:33 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.1 - - [06/Oct/2017:08:37:37 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- 10.1.2.1 - - [06/Oct/2017:08:37:37 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"

if I delete %h in the proxy definition I get:
10.1.2.2 - - [06/Oct/2017:08:45:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- - - [06/Oct/2017:08:45:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.1 - - [06/Oct/2017:08:45:27 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- - - [06/Oct/2017:08:45:27 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.22 - - [06/Oct/2017:08:45:28 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- - - [06/Oct/2017:08:45:28 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"

(one time the request ist logged with the ip and ontime without...:-(  )

best
m

> Gesendet: Donnerstag, 05. Oktober 2017 um 17:16 Uhr
> Von: "Yann Ylavic" <ylavic....@gmail.com>
> An: users@httpd.apache.org
> Betreff: Re: [users@httpd] X-Forward-For in ssl_access_log / apache behind WAF
>
> Hi,
> 
> On Thu, Oct 5, 2017 at 11:11 AM, Morel Mosolff <marcus0...@gmx.de> wrote:
> >
> >         #part 2:
> >         SetEnvIf Remote_addr  ("1\.2\.3\.1"|"1\.2\.2\.2") waf
> >         CustomLog "logs/ssl_access_log" proxy env=!waf
> 
> Did you try without the quotes, for instance:
>    SetEnvIf Remote_addr ^(1\.2\.3\.1|1\.2\.2\.2)$ waf
> ?
> 
> Regards,
> Yann.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Aw: Re: [users@httpd] X-Forward-For in ssl_access_log / apache behind WAF

Reply via email to