Mike,

On 10/2/14 1:18 PM, Mike Rumph wrote:
> It just occurred to me that you might be referring to the first
> field (%h) in your log records. This is going to be the remote
> hostname. So this is showing the IP address of your immediate
> proxy. If you want to see the true original client IP address (as
> calculated by mod_remoteip), you should add the %a field to your
> LogFormat directive.
> - http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats

Okay, using %a works when using mod_remoteip. AWS Linux uses %h by
default for its httpd.conf definition of "combined" log format, so
I've changed that and I'm getting the logging I desire.

I'll try to replicate the behavior in httpd 2.2 without mod_remoteip
as well.

Thanks,
-chris

> On 10/2/2014 9:04 AM, Mike Rumph wrote:
>> Hello Christopher,
>>
>> Since you are running 2.4.10, you have the latest mod_remoteip
>> fixes. But I think the problem is in the directives that you are
>> using:
>>
>> RemoteIPHeader X-Forwarded-For
>> #RemoteIPTrustedProxy 10.0.0.0/8
>>
>> If you only use the RemoteIPHeader directive, then the default is
>> to treat all proxies as external trusted proxies. Having
>> RemoteIPTrustedProxy set for all your proxies would have the same
>> effect.
>>
>> I assume by your 10.0.0.0/8 mask that this matches your proxy
>> addresses. But 10.0.0.0/8 is a mask for internal IP addresses. So
>> your proxies will not be accepted as external proxies. And your
>> true client ip address will not be used.
>>
>> Try the following directives instead:
>>
>> RemoteIPHeader X-Forwarded-For
>> RemoteIPInternalProxy 10.0.0.0/8
>>
>> Let us know if this works for you.
>>
>> Thanks,
>>
>> Mike Rumph
>>
>> On 10/2/2014 6:46 AM, Christopher Schultz wrote:
>>> Mike,
>>>
>>> On 10/1/14 5:40 PM, Mike Rumph wrote:
>>>> What version of Apache httpd are you running?
>>> Thanks for the reply.
>>> We are running 2.4 and 2.2 on various
>>> servers, but I'm starting with this one:
>>>
>>> Server version: Apache/2.4.10 (Amazon)
>>> Server built: Jul 30 2014 23:57:28
>>>
>>> This is the httpd package that Amazon bundles with its Amazon
>>> Linux. If possible, I'd prefer to continue to use their
>>> packages.
>>>
>>>> There have been some mod_remoteip fixes in recent 2.4.x
>>>> releases.
>>>>
>>>> You could also try setting up some LogFormat directives as in
>>>> bug 55635 to get more information on this.
>>>> - https://issues.apache.org/bugzilla/show_bug.cgi?id=55635#c1
>>> I'll modify my log format and post what I get under various
>>> circumstances.
>>>
>>> FWIW, I currently have no "Allow" or "Deny" directives in
>>> effect. I was planning eventually to say "Allow from 10/8" or
>>> something equivalent to only allow connections to this virtual
>>> host from the load-balancer. If that's not going to work, it's
>>> easily done at the OS or firewall level.
>>>
>>> Thanks,
>>> -chris
>>>
>>>> On 10/1/2014 11:00 AM, Christopher Schultz wrote:
>>>>> All,
>>>>>
>>>>> I'm trying to get httpd working behind an AWS ELB but still
>>>>> using the remote client's information whenever possible.
>>>>>
>>>>> ELB provides the X-Forwarded-For, X-Forwarded-Port, and
>>>>> X-Forwarded-Proto HTTP headers. My configuration looks like
>>>>> this:
>>>>>
>>>>> RemoteIPHeader X-Forwarded-For
>>>>> #RemoteIPTrustedProxy 10.0.0.0/8
>>>>>
>>>>> (I commented-out the RemoteIPTrustedProxy line to see if
>>>>> that was the problem, and it does not appear to have
>>>>> changed the behavior).
>>>>>
>>>>> My true client IP address is 71.178.xxx.yyy and I'm making
>>>>> a request through the load balancer. I'm using PHP's
>>>>> "phpinfo()" to dump everything about the request.
>>>>> I can see
>>>>> that the X-Forwarded-For header has been /removed/ from the
>>>>> request (which mod_remoteip says will happen), but I'm
>>>>> still getting the ELB's IP address in my access logs:
>>>>>
>>>>> 10.32.xxx.yyy - - [01/Oct/2014:17:59:27 +0000] "GET /info.php HTTP/1.1" 200 72810 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0"
>>>>>
>>>>> I have definitely restarted httpd and mod_remoteip is
>>>>> definitely enabled (no errors on start, X-Forwarded-For
>>>>> header is being removed from the headers).
>>>>>
>>>>> Am I missing something in my configuration?
>>>>>
>>>>> Thanks,
>>>>> -chris
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
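The behaviour discussed in this thread, as an added example that is not part of the original messages and is not mod_remoteip's own code: a simplified Python model of how the right-most X-Forwarded-For entry is accepted or rejected depending on whether the connecting hop is listed as an internal or a trusted proxy, and what %h and %a would then log. The function names, the private-range list and the sample addresses are assumptions made for this illustration.

```python
import ipaddress

# Private/local ranges that only an internal proxy may vouch for (assumed list).
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]

# Constructed sample addresses; the thread elides the real ones.
ELB = "10.32.0.5"        # load balancer, the immediate connection peer
CLIENT = "203.0.113.7"   # address the load balancer appends to the header


def _in(addr, nets):
    return any(addr in n for n in nets)


def resolve(peer, xff, internal=(), trusted=()):
    """Return (%h value, %a value, header entries left unconsumed)."""
    internal = [ipaddress.ip_network(n) for n in internal]
    trusted = [ipaddress.ip_network(n) for n in trusted]
    restricted = bool(internal or trusted)
    current = ipaddress.ip_address(peer)
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    while entries:
        is_internal = _in(current, internal)
        # With a proxy list configured, only listed hops are believed.
        # With no list (header only), every hop is believed, per the thread.
        if restricted and not (is_internal or _in(current, trusted)):
            break
        try:
            candidate = ipaddress.ip_address(entries[-1])  # right-most first
        except ValueError:
            break  # malformed entry: keep the address resolved so far
        # A trusted (non-internal) proxy may not present a private address.
        if not is_internal and _in(candidate, PRIVATE):
            break
        entries.pop()
        current = candidate
    return peer, str(current), entries


if __name__ == "__main__":
    lan = ["10.0.0.0/8"]
    # The header here carries one entry that the load balancer did not add.
    print("internal  :", resolve(ELB, "198.51.100.9, " + CLIENT, internal=lan))
    print("no list   :", resolve(ELB, "198.51.100.9, " + CLIENT))
    print("trusted   :", resolve(ELB, "192.168.1.20", trusted=lan))
    print("internal  :", resolve(ELB, "192.168.1.20", internal=lan))
```

In every case the first returned value (%h) stays the load balancer's address, which is why the access log only changed once the LogFormat used %a.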