Monday, September 14, 2009

Using "X-Forwarded-For" in Apache and F5



An issue that often comes up for users of any full proxy-based product is that the original client IP address is lost to the application or web server. This is because a full proxy system has two connections: one between the client and the proxy, and a second one between the proxy and the web server. The web server sees the connection as coming from the proxy, not the client.

If you've got a BIG-IP, you can simply enable insertion of the “X-Forwarded-For” header in the HTTP profile. Then, in Apache, add the following to the log format you want to modify (or create a new log format that includes it) to extract the X-Forwarded-For value:

%{X-Forwarded-For}i

So the modified line in httpd.conf looks like this:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{X-Forwarded-For}i\"" common

That's it. If you don't care about the proxy IP address, you can simply replace the traditional %h in the common log format with the new value, or you can append it as an additional field, as in the example above. Restart Apache and you're ready to go.

For more information on Apache logs, refer to this great article: http://www.apacheweek.com/features/logfiles.
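
An added example (not part of the original post): a Python parser for the log format above that recovers the client address during log analysis. It assumes the proxy's address is 10.0.0.5 (a constructed value) and that the proxy appends the connecting address as the last X-Forwarded-For entry, so earlier entries are client-supplied and the header is ignored entirely when the request did not arrive through the proxy.

```python
import ipaddress
import re

# Assumption: the proxy address Apache sees in %h (constructed value).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

# Matches: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{X-Forwarded-For}i\""
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:[^"\\]|\\.)*" \d{3} \S+ '
    r'"(?P<xff>(?:[^"\\]|\\.)*)"$'
)

def _parse_ip(text):
    """Return an ip_address object, or None for '-' and malformed values."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def client_ip(line):
    """Return (address, source) for one log line; source is 'xff' or 'peer'."""
    m = LINE_RE.match(line)
    peer = _parse_ip(m.group("host")) if m else None
    if peer is None:
        return None, "unparsed"
    if peer not in TRUSTED_PROXIES:
        # Direct connection: any X-Forwarded-For value was set by the client.
        return str(peer), "peer"
    # Walk right to left: the proxy's entry is last, older entries are unverified.
    for entry in reversed(m.group("xff").split(",")):
        ip = _parse_ip(entry)
        if ip is None:
            break  # "-" or a malformed entry: fall back to the peer address
        if ip not in TRUSTED_PROXIES:
            return str(ip), "xff"
    return str(peer), "peer"

# Constructed sample lines in the format shown in the post.
SAMPLE = [
    '10.0.0.5 - - [14/Sep/2009:10:00:00 -0700] "GET / HTTP/1.1" 200 512 "203.0.113.7"',
    '10.0.0.5 - - [14/Sep/2009:10:00:01 -0700] "GET / HTTP/1.1" 200 512 "127.0.0.1, 198.51.100.9"',
    '192.0.2.44 - - [14/Sep/2009:10:00:02 -0700] "GET / HTTP/1.1" 200 512 "10.1.1.1"',
    '10.0.0.5 - - [14/Sep/2009:10:00:03 -0700] "GET / HTTP/1.1" 200 512 "-"',
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(client_ip(sample_line))
```

The same rule applies when replacing %h with the header value in the log format itself: the logged address is only as reliable as the guarantee that every request reaches Apache through the proxy.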



