Tuesday, January 30, 2007

Apache using x-forwarded-for to replace host in log entries

We have moved our servers behind load-balancers that no longer pass the host through to our log files. This has created two problems:

1. The stats show that all requests come from the load-balancers.

2. Access control no longer works when using domain or IP address. (Apache uses r->connection->remote_addr, which only shows the last host in the hop to the web server. It appears that r->connection->remote_ip would help us out here, but mod_access.c on Apache 1.3 and 2 only uses remote_addr.)

I haven't figured out how to deal with #2 yet (w/out using mod_perl), but here is a trick that Pat showed me which does the trick for our web stats:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Simply replace:




"%{X-Forwarded-For}i" is conditional: if there is no value in the X-Forwarded-For header (i.e. a health check from the load-balancers), Apache writes "-" in its place and the logs will contain:

- - - [16/Jun/2006:06:34:24 -0500] "GET / HTTP/1.0" 302 0 "-" "-"

Otherwise, the log will contain:

999.999.999.999 - - [20/Jun/2006:11:08:06 -0500] "GET / HTTP/1.1" 200 297 "http://www.example.com/myweb/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
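The first field of these log lines is now whatever the X-Forwarded-For header contained, which the client can set itself, so a stats or alerting script should validate it before treating it as an address. The parser below is an added example, not code from the original post; it assumes a single load balancer that appends the address it saw as the last entry of the header, and the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Shape of a line written by the LogFormat above. The first field is the raw
# X-Forwarded-For value: "-", one address, or a comma-separated list that
# contains spaces, so the line cannot simply be split on whitespace.
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def client_ip(xff):
    """Return the last X-Forwarded-For entry if it is a valid IP, else None.

    Assumption: exactly one load balancer sits in front of Apache and appends
    the address it saw to the header, so only the last entry is its own
    observation; anything to the left was supplied by the client.
    """
    if xff == "-":                      # header absent, e.g. a health check
        return None
    last = xff.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last))
    except ValueError:                  # not an address: do not trust it
        return None

def parse_line(line):
    """Parse one log line; return None if it does not match the format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    entry = m.groupdict()
    entry["client_ip"] = client_ip(entry["xff"])
    # More than one entry: the header was already set before the balancer.
    entry["client_supplied"] = "," in entry["xff"]
    return entry

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLES = [
    '- - - [16/Jun/2006:06:34:24 -0500] "GET / HTTP/1.0" 302 0 "-" "-"',
    '203.0.113.7 - - [20/Jun/2006:11:08:06 -0500] "GET / HTTP/1.1" 200 297 "-" "Mozilla/4.0"',
    '10.0.0.1, 198.51.100.23 - - [20/Jun/2006:11:09:00 -0500] "GET /admin HTTP/1.1" 403 210 "-" "curl"',
    'not-an-ip - - [20/Jun/2006:11:10:00 -0500] "GET / HTTP/1.1" 200 297 "-" "-"',
]

if __name__ == "__main__":
    for s in SAMPLES:
        e = parse_line(s)
        print(e["xff"], "->", e["client_ip"], "client-supplied:", e["client_supplied"])
```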

Thanks, Pat!!

