User logging (WAS: Is it possible to log original IP addresses?)

User logging (WAS: Is it possible to log original IP addresses?)

Post by Michael Boyarsk » Thu, 20 Apr 2000 04:00:00



OK, thanks to everyone who pointed me to X-Forwarded-For header,
which contains the address of client behind the proxy. It really works,
but it looks like in case of proxy forwarding request to another proxy
I'm getting the address of that previous proxy:
i.e. client->proxyA->proxyB->server and I log proxyA in X-Forwarded-For
...

Log format:
CustomLog xxxxx  "%h %l %u %t \"%r\" %s %b \"%{Referer}i\"
\"%{User-Agent}i\" %{X-Forwarded-For}i"

Sample log line:
basil.ulcc.wwwcache.ja.net - - [19/Apr/2000:12:53:36 +0400] "GET
/Exclusive/exclusive_K8.html HTTP/1.0" 200 2783 "-" "Mozilla/4.0
(compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8

nslookup 194.82.103.8
Name:    quietly-confident.wwwcache.ja.net

#telnet 194.82.103.8 3128
Trying 194.82.103.8...
Connected to 194.82.103.8.
Escape character is '^]'.
GET /

HTTP/1.0 400 Bad Request
Server: Squid/2.2.STABLE5-hno.20000202
...
So proxyA = quietly-confident.wwwcache.ja.net, proxyB=
basil.ulcc.wwwcache.ja.net,
client= ???

So now my questions are:
1. Are my conclusions correct?
2. Are there any better methods for tracking server users, including
users
behind proxies? May be cookies will help and if yes, are there any tools
for
that?
3. Can anybody explain why I am getting  'unknown,' in this log line
"Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8
Other log lines look as they should be:
"Mozilla/4.7 [en] (Win98; I)" 193.232.8.111
Again, custom format here is
\"%{User-Agent}i\" %{X-Forwarded-For}i

Many thanks in advance

Michael

 
 
 

1. Is it possible to log original IP addresses ?

Is it possible to log original IP addresses of client computers
which use proxy servers to connect to my web server? Currently I get
only
proxy IP address in my logs, but I remember that I read somewhere
that it is possible to know the original requester's address...

Thanks in advance

Mike

2. nfds fails with Pre2.03

3. Possible NOT to log IP addresses?

4. Linux DvipsK still in Alpha stage, please use old Dvips!

5. Why am I not 'Logged in' ?

6. Oracle on Sun Solaris 8

7. How do see what ip address users are logged into ???

8. Middle Aged Fat Asses

9. router log - I am under attack ??

10. How Can I know when I am logged on in a person logon on

11. Why am I not logged in wtmp?

12. Where am I logging in FROM??? help!

13. How can I tell whether I am logging in on console inside .login?