by Michael Boyarsk » Wed, 19 Apr 2000 04:00:00
Thanks in advance
Mike
by Paul Rub » Wed, 19 Apr 2000 04:00:00
Some proxies remove this info, in which case you can't log it.Quote:>Is it possible to log original IP addresses of client computers
>which use proxy servers to connect to my web server? Currently I get
>only proxy IP address in my logs, but I remember that I read somewhere
>that it is possible to know the original requester's address...
Others leave it in a header (I've forgotten the name) and you
can log it with CustomLog and the %...{Foobar}i log format specifier.
See http://www.apache.org/docs/mod/mod_log_config.html#formats
by Alan J. Flavel » Wed, 19 Apr 2000 04:00:00
The proxy may send an HTTP header (x-forwarded-for seems to beQuote:> Currently I get only proxy IP address in my logs, but I remember
> that I read somewhere that it is possible to know the original
> requester's address...
I would suggest this can be useful for informational purposes, or
for pre-filling in a form response field that the user might yet
want to correct for themselves. Using it as an essential part of
some scheme (e.g charging or access control) would seem inadvisable,
since it may be entirely missing, or even wrong, through no fault of
the end user.
by Bill Mosele » Wed, 19 Apr 2000 04:00:00
http://perl.apache.org/guide/download.html#mod_proxy_add_forwardQuote:> Is it possible to log original IP addresses of client computers
> which use proxy servers to connect to my web server?
--
pls note the one line sig, not counting this one.
1. User logging (WAS: Is it possible to log original IP addresses?)
OK, thanks to everyone who pointed me to X-Forwarded-For header,
which contains the address of client behind the proxy. It really works,
but it looks like in case of proxy forwarding request to another proxy
I'm getting the address of that previous proxy:
i.e. client->proxyA->proxyB->server and I log proxyA in X-Forwarded-For
...
Log format:
CustomLog xxxxx "%h %l %u %t \"%r\" %s %b \"%{Referer}i\"
\"%{User-Agent}i\" %{X-Forwarded-For}i"
Sample log line:
basil.ulcc.wwwcache.ja.net - - [19/Apr/2000:12:53:36 +0400] "GET
/Exclusive/exclusive_K8.html HTTP/1.0" 200 2783 "-" "Mozilla/4.0
(compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8
nslookup 194.82.103.8
Name: quietly-confident.wwwcache.ja.net
#telnet 194.82.103.8 3128
Trying 194.82.103.8...
Connected to 194.82.103.8.
Escape character is '^]'.
GET /
HTTP/1.0 400 Bad Request
Server: Squid/2.2.STABLE5-hno.20000202
...
So proxyA = quietly-confident.wwwcache.ja.net, proxyB=
basil.ulcc.wwwcache.ja.net,
client= ???
So now my questions are:
1. Are my conclusions correct?
2. Are there any better methods for tracking server users, including
users
behind proxies? May be cookies will help and if yes, are there any tools
for
that?
3. Can anybody explain why I am getting 'unknown,' in this log line
"Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8
Other log lines look as they should be:
"Mozilla/4.7 [en] (Win98; I)" 193.232.8.111
Again, custom format here is
\"%{User-Agent}i\" %{X-Forwarded-For}i
Many thanks in advance
Michael
2. Setupproblem: setup can't acces HDD
3. Possible NOT to log IP addresses?
4. HP SA1100 server appliance help
5. 2 IP addresses on 1 NIC - Are different net addresses possible??
6. Bootable CD
7. Getting original source/destination IP address after NAT
8. Groupware server like MS Exchange or Lotus ...
9. How do i port forward but maintain the original IP address?
10. no terminal/ip address information displayed by "who am i"
11. Why I am getting two IP addresses when I connect to my work through VPN
12. HELP I am iso a mailfraud via ip addresses
13. From which IP address I am connected