Is it possible to log original IP addresses ?


Post by Michael Boyarsk » Wed, 19 Apr 2000 04:00:00



Is it possible to log original IP addresses of client computers
which use proxy servers to connect to my web server? Currently I get
only proxy IP address in my logs, but I remember that I read somewhere
that it is possible to know the original requester's address...

Thanks in advance

Mike

 
 
 

Post by Paul Rub » Wed, 19 Apr 2000 04:00:00




>Is it possible to log original IP addresses of client computers
>which use proxy servers to connect to my web server? Currently I get
>only proxy IP address in my logs, but I remember that I read somewhere
>that it is possible to know the original requester's address...

Some proxies remove this info, in which case you can't log it.

Others leave it in a header (I've forgotten the name) and you
can log it with CustomLog and the %...{Foobar}i log format specifier.
See http://www.apache.org/docs/mod/mod_log_config.html#formats

 
 
 

Post by Alan J. Flavel » Wed, 19 Apr 2000 04:00:00



> Is it possible to log original IP addresses of client computers
> which use proxy servers to connect to my web server?

Yes, if the proxy sends it and if you believe what the proxy says.

> Currently I get only proxy IP address in my logs, but I remember
> that I read somewhere that it is possible to know the original
> requester's address...

The proxy may send an HTTP header (x-forwarded-for seems to be
conventional - the "x-" prefix shows you that it isn't a formal
standard) which reports the address from which it had been called.  
You would then find HTTP_X_FORWARDED_FOR in the environment.

I would suggest this can be useful for informational purposes, or
for pre-filling in a form response field that the user might yet
want to correct for themselves.  Using it as an essential part of
some scheme (e.g. charging or access control) would seem inadvisable,
since it may be entirely missing, or even wrong, through no fault of
the end user.

 
 
 

Post by Bill Mosele » Wed, 19 Apr 2000 04:00:00




> Is it possible to log original IP addresses of client computers
> which use proxy servers to connect to my web server?

http://perl.apache.org/guide/download.html#mod_proxy_add_forward

--

pls note the one line sig, not counting this one.

 
 
 

1. User logging (WAS: Is it possible to log original IP addresses?)

OK, thanks to everyone who pointed me to X-Forwarded-For header,
which contains the address of client behind the proxy. It really works,
but it looks like in case of proxy forwarding request to another proxy
I'm getting the address of that previous proxy:
i.e. client->proxyA->proxyB->server and I log proxyA in X-Forwarded-For
...

Log format:
CustomLog xxxxx "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\" %{X-Forwarded-For}i"

Sample log line:
basil.ulcc.wwwcache.ja.net - - [19/Apr/2000:12:53:36 +0400] "GET /Exclusive/exclusive_K8.html HTTP/1.0" 200 2783 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8

nslookup 194.82.103.8
Name:    quietly-confident.wwwcache.ja.net

#telnet 194.82.103.8 3128
Trying 194.82.103.8...
Connected to 194.82.103.8.
Escape character is '^]'.
GET /

HTTP/1.0 400 Bad Request
Server: Squid/2.2.STABLE5-hno.20000202
...
So proxyA = quietly-confident.wwwcache.ja.net, proxyB = basil.ulcc.wwwcache.ja.net, client = ???

So now my questions are:
1. Are my conclusions correct?
2. Are there any better methods for tracking server users, including users
behind proxies? Maybe cookies will help, and if yes, are there any tools for
that?
3. Can anybody explain why I am getting 'unknown,' in this log line
"Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8
Other log lines look as they should be:
"Mozilla/4.7 [en] (Win98; I)" 193.232.8.111
Again, custom format here is
\"%{User-Agent}i\" %{X-Forwarded-For}i

Many thanks in advance

Michael
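
Added example (not part of the original posts): a Python sketch that reads a line in the CustomLog format above and picks the client address by walking the X-Forwarded-For chain from the server outwards, believing only the entry appended by a proxy listed as trusted. The regex, the function names and the `trusted` set are assumptions for illustration; the sample line is the one quoted in the post.

```python
import ipaddress
import re

# Constructed regex for the CustomLog format quoted in the post:
#   %h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i" %{X-Forwarded-For}i
Q = r'"(?:[^"\\]|\\.)*"'                      # one quoted field
LINE_RE = re.compile(
    rf'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] {Q} \d{{3}} \S+ {Q} {Q} (?P<xff>.*)$')


def parse_xff(value):
    """Split X-Forwarded-For into hops, oldest first; non-IP items -> None."""
    hops = []
    if value.strip() in ("", "-"):            # "-" is logged when the header is absent
        return hops
    for item in value.split(","):
        try:
            hops.append(str(ipaddress.ip_address(item.strip())))
        except ValueError:                    # e.g. "unknown", or junk from a client
            hops.append(None)
    return hops


def resolve_client(line, trusted):
    """Return the nearest hop that is not a proxy we trust, or None.

    `trusted` holds names/addresses exactly as they appear in the log.
    Only the entry appended by a trusted proxy is believed; everything to
    its left could have been supplied by whoever connected to that proxy.
    """
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("line does not match the log format")
    hop, older = m.group("peer"), parse_xff(m.group("xff"))
    while hop in trusted:                     # this hop vouches for the next one
        if not older:
            return None                       # trusted proxy sent no usable entry
        hop = older.pop()
    return hop                                # may be None, e.g. "unknown"


# Sample line from the post (client -> proxyA -> proxyB -> server).
SAMPLE = ('basil.ulcc.wwwcache.ja.net - - [19/Apr/2000:12:53:36 +0400] '
          '"GET /Exclusive/exclusive_K8.html HTTP/1.0" 200 2783 "-" '
          '"Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)" unknown, 194.82.103.8')

if __name__ == "__main__":
    for trusted in (set(), {"basil.ulcc.wwwcache.ja.net"},
                    {"basil.ulcc.wwwcache.ja.net", "194.82.103.8"}):
        print(sorted(trusted), "->", resolve_client(SAMPLE, trusted))
```

With no trusted proxies the connecting host is returned and the header is ignored; trusting both caches yields None, because the entry to the left of 194.82.103.8 is "unknown".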
