The request is coming from the outside, I agree with your "really weird" assessment. The network topology is as follows: ----------DSL "MODEM" --------------->SMC Router ------>Switch --> Webserver Public IP--192.168.2.x-----192.168.2.y--192.168.1.x------------192.168.1.y The address being logged is 192.168.2.y The SMC is an SMC7004ABR. I'm beginning to think the router is misbehaving, but I don't think it has the capability to terminate and initiate a new session. I've never seen any kind of proxy function in it. G -----Original Message----- From: Noah [mailto:sitz@xxxxxxxxxxxx] Sent: Wednesday, March 16, 2005 10:04 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Access_log shows incorrect remote host address On Wed, Mar 16, 2005 at 05:02:42PM -0700, FloorFLUX wrote: > > When you access your webserver, are you using an external IP address? > If so, It's going to log your hit as coming from your router no matter > where it's coming from on the lan because your outgoing request is > going through the router. If you access it via an internal IP address > (perhaps that's how you're doing it with the other applications), then > your request doesn't go through the router, and your internal address > will be preserved. Uh...what? If the request is coming from the outside, the logged IP will, 98+% of the time, be the IP of the client (where 'client' may be a proxying system of some kind and not /necessarily/ a browser). If it's logging the IP of a /router/ that's really weird. I could see it logging the IP of a /switch/, depending on the kind of switch it is; some switches and pseudoswitches (things like Wincom (which no longer exists, I believe) and Netscalar gear) can be configured to terminate an incoming request and initiate a new TCP session to the server (with the switch's IP as the source IP); quite possible some firewalls may do this as well; haven't played with any, but they may well be out there. Unless I'm missing something obvious (hardly the first time, and I'm not a routergeek by trade), the above explanation is bogus. What kind of a router are you dealing with? What's your network topology look like (what does a packet have to do to get from the Internet(tm) to your webserver?) --n -- <huey> dd of=/dev/fd0 if=/dev/flippy bs=1024 <huey> ^^^ Making Flippy Floppy --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|