X-Forwarded-For log filtering
“X-Forwarded-For” is an HTTP header commonly used to pass the original client IP address along as the web request traverses reverse proxy servers. To capture the actual requesting IP address, the web server must be configured to record the IP address from the X-Forwarded-For header. If not, the log file will simply show all requests as coming from the reverse proxy servers that front-end the web servers.
In Apache, it’s very easy to update the log format to capture the right information. The original LogFormat looks like:
LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
Now simply replace %h with %{X-Forwarded-For}i:
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
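With this format the first log field is the raw header value, which the client can pre-populate and to which each proxy appends the address it saw, so it may be "-", a single address, or a comma-separated chain. The following added example (not part of the original post) parses such lines and picks the right-most hop that is not one of your own proxies; the `TRUSTED_PROXIES` range and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: address ranges of the reverse proxies in front of the web servers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# The first field is the raw header value: "-", one address, or a
# comma-separated chain that contains spaces, so str.split() misparses it.
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)


def client_from_xff(xff):
    """Right-most hop that is not one of our proxies, or None if unusable."""
    if xff == "-":
        return None  # header absent, e.g. a request that bypassed the proxy
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # unparseable hop: nothing to its left is reliable
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return None  # chain held only proxy addresses


def parse_line(line):
    """Return (client, raw_xff, status) for one log line, or None if malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return client_from_xff(m["xff"]), m["xff"], int(m["status"])


# Constructed sample lines: one hop; a client-supplied "127.0.0.1" followed by
# the address the proxy appended; two proxy tiers; and no header at all.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Aug/2009:10:30:00 -0700] "GET / HTTP/1.1" 200 512 "-" "curl/7.19"',
    '127.0.0.1, 198.51.100.23 - - [19/Aug/2009:10:30:01 -0700] "GET /admin HTTP/1.1" 403 199 "-" "curl/7.19"',
    '198.51.100.9, 10.1.2.3 - - [19/Aug/2009:10:30:02 -0700] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '- - - [19/Aug/2009:10:30:03 -0700] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(parse_line(entry))
```

Keeping %h in the LogFormat alongside the header value also records the connecting peer, which lets you confirm that a logged chain really arrived through one of your proxies.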
For Microsoft IIS, a custom ISAPI filter is required, as IIS has no direct way to translate the X-Forwarded-For value into the client IP (c-ip) value used in its web server logging. The folks at F5 wrote the necessary ISAPI filter and published it for the world to use. You do not need an F5 BIG-IP to use this ISAPI filter, as it’s IIS-specific. Installation is simple: follow the process documented on DevCentral.
Filed under: cli-fu — appgirl @ 10:30 am
About
My name is Catherine Liao and you're reading the latest postings of various blogs I follow. You'll notice that the topics tend to center around Cloud Computing, Data Center, Virtualization, Servers, Web Technologies and 24x7 Operations.
These are topics that I'm interested in as I've spent a large chunk of my professional career building, deploying, and maintaining 24x7 application delivery environments. I use the knowledge I've garnered daily in my role as a Technology Solutions Architect for Cisco. I should note that this site is my personal site and does not reflect the views of Cisco.
Feel free to drop me a note if you find this site useful or if you'd like for me to check out your blog. I can be reached at catherine.liao@gmail.com. You can also connect with me via LinkedIn or Twitter.
Looking for less "geeky" content? Check out my travel blog 1-Day Itinerary.


Hey, thanks for linking to my XFF ISAPI filter. This is a common issue that comes up and I’m glad I could share a free open source version with everyone.
-Joe
Comment by Joe Pruitt — August 19, 2009 @ 9:37 pm
Thank you Joe for making it available!
Comment by catliao — August 20, 2009 @ 6:29 am