Apache logging wrong IP addresses in reverse proxy setup
Posted: Mon Feb 06, 2017 5:45 am
Hi,
So I just looked at the apache logs for one of my domains, and the IP address which is logged is (usually) the one assigned to the server rather than the one assigned to the visitor. This is because it is passed from the nginx proxy.
This can be fixed by changing the apache log format. I ran a test and the following code seems to work, adding another field with the correct IP address in brackets.
So a couple of questions:
1) Would this break anything? I'm guessing that the server stats might not like this, although I'm not actually using those. In this case then just replacing %h with %{X-Forwarded-For}i would probably work.
2) Should this be part of the default config for a proxy setup? In which case the scripts for setting up / disabling a proxy would need to know about it. The LogFormat directive could be included in the apache main conf easily enough. Then it would just be a case of applying the correct tag on the end of the CustomLog directive, combined vs combined_proxy.
So I just looked at the apache logs for one of my domains, and the IP address which is logged is (usually) the one assigned to the server rather than the one assigned to the visitor. This is because it is passed from the nginx proxy.
This can be fixed by changing the apache log format. I ran a test and the following code seems to work, adding another field with the correct IP address in brackets.
Code: Select all
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined_proxy
CustomLog /var/log/apache2/domains/domain.com.log combined_proxy
1) Would this break anything? I'm guessing that the server stats might not like this, although I'm not actually using those. In this case then just replacing %h with %{X-Forwarded-For}i would probably work.
2) Should this be part of the default config for a proxy setup? In which case the scripts for setting up / disabling a proxy would need to know about it. The LogFormat directive could be included in the apache main conf easily enough. Then it would just be a case of applying the correct tag on the end of the CustomLog directive, combined vs combined_proxy.