On 08.09.20 16:42, piyush.gaba@xxxxxxxxxx wrote:
By the way guys. It just worked. Thanks alot Amos and Matus.
just to make sure - are you aware that anything in the X-Forwarded-For:
header can be fake and you should only use trusted IPs?
The follow_x_forwarded_for describes how:
http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/
On 9/09/20 1:15 am, piyush.gaba wrote:
I think my whole struggle is to get the desired output as:
<ip>- - [17/Aug/2018:08:43:29 +0200] "GET /index1.html HTTP/1.1" 200 36 "-" "curl/7.29.0" unknown
Which has "unknown" at the end because forwarded_for was set to "off".
But now when I am working with squid 4.13 I am not getting the desired output, I am getting the output as,
<ip> - - [08/Sep/2020:15:07:19 +0200] "GET /index1.html HTTP/1.1" 200 8 "-" "curl/7.29.0"
Which does not have anything at the end, while the forwarded_for is set to "off".
Please let me know if you have any advice to give for this logging problem.
I am using below log format in my httpd file,
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries
Sent: Tuesday, September 8, 2020 20:42
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Forwarded-for functionality(squid)
That LogFormat tells us the first column of the log file is the contents
of the X-Forwarded-For header. The first column of the log lines you
showed is "<ip>" - the value of XFF header is supposed to be one or more
IPs, so that looks like it is working.
Use the debug_options setting I gave you to *actually* see what is
happening. The Apache log is only showing you what values are _after_
the httpd process and all modules have done their modifications to the
HTTP input ... including replacing the transaction client-IP with any
value from XFF header.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users