On 08.09.20 16:42, piyush.gaba@xxxxxxxxxx wrote:
By the way guys. It just worked. Thanks alot Amos and Matus.
just to make sure - are you aware that anything in the X-Forwarded-For: header can be fake and you should only use trusted IPs? The follow_x_forwarded_for describes how: http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/
On 9/09/20 1:15 am, piyush.gaba wrote:I think my whole struggle is to get the desired output as: <ip>- - [17/Aug/2018:08:43:29 +0200] "GET /index1.html HTTP/1.1" 200 36 "-" "curl/7.29.0" unknown Which has "unknown" at the end because forwarded_for was set to "off". But now when I am working with squid 4.13 I am not getting the desired output, I am getting the output as, <ip> - - [08/Sep/2020:15:07:19 +0200] "GET /index1.html HTTP/1.1" 200 8 "-" "curl/7.29.0" Which does not have anything at the end, while the forwarded_for is set to "off". Please let me know if you have any advice to give for this logging problem. I am using below log format in my httpd file, LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries Sent: Tuesday, September 8, 2020 20:42 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Forwarded-for functionality(squid)
That LogFormat tells us the first column of the log file is the contents of the X-Forwarded-For header. The first column of the log lines you showed is "<ip>" - the value of XFF header is supposed to be one or more IPs, so that looks like it is working. Use the debug_options setting I gave you to *actually* see what is happening. The Apache log is only showing you what values are _after_ the httpd process and all modules have done their modifications to the HTTP input ... including replacing the transaction client-IP with any value from XFF header.
-- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N) _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
