We use HTTP (Apache) behind F5 Application Firewall (or Reverse Proxy ... blah blah),
F5 IP = 10.0.0.1
Client = 100.100.100.100
So when we check Common log, we find
10.0.0.1 - - [22/Jul/2008:11:33:15 +0700] "GET /index.html HTTP/1.1" 304 -
that doesn't show IP from client, It show F5's IP
httpd.conf file:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
We need "X-Forwarded-For" variable on Apache Log.
So, modified httpd.conf file:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{X-Forwarded-For}i\"" common
Check log again access_log (common)
10.0.0.1 - - [22/Jul/2008:11:41:49 +0700] "GET /index.html" 200 1685 "100.100.100.100"
...
Enjoy!
Tuesday, July 22, 2008
Subscribe to:
Post Comments (Atom)
Posts
1 comment:
Very helpful. Perfect article..for me. Debug an issue on a webserver behind a big IP [F5]
Post a Comment