On Tue, Oct 19, 2021 at 1:44 PM Mason Hayes <march.koala10@xxxxxxxxx> wrote:
>
> Hi, All
>
> When Apache is accessed via a CDN (Akamai), I would like to record the IP of the accessing client in the Apache logs.
> In order to display the True-Client-IP header sent by Akamai in the access log like X-Forward-For, do I have to change the Logformat setting in httpd.conf as follows?
>
> Logformat
> "%{True-Client-IP}i %h %l %u %t˶~˵"%r\" %>s %b˶~˵"%{Referer}i\" \%{User-Agent}i\" combined
That looks OK, but you may want to look into using
https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
You would have to set RemoteIPHeader to True-Client-IP and, since
Akamai to my knowledge doesn't publish a list of its source IPs,
consider some kind of authentication, e.g. basic auth
https://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html to protect
the vhost from access without Akamai. Otherwise anyone would be able
to fake an arbitrary source IP in your logs.
rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|