X-Forwarded-For log filtering « The AppGirl Blog

Postings

X-Forwarded-For log filtering

The “X-Forwarded-For” is a HTTP header commonly used to pass the original client ip address as the web request traverses through reverse proxy servers. Furthermore, to truly capture the request ip address, the web server must be configured to record the ip address from the X-Forward-For header. If not, the log file will simply show that all requests are coming from the reverse proxy servers that frontend the web servers.

In apache, it’s very easy to update the log format to capture the right information. The original LogFormat looks like:

LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined

Now simply replace %h with %{X-Forwarded-For}i:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined

For Microsoft IIS, a custom ISAPI filter is required as it does not have a direct way to support the translation of the X-Forwarded-For value into the client ip (c-ip) header value used in its webserver logging. The folks at F5 wrote the necessary ISAP and published it for the world to use. You do not need a F5 BigIP to use this ISAPI filter as it’s IIS-specific. Installation is simple, simply follow the process documented on devcentral.

Share This Post

Filed under: cli-fu — appgirl @ 10:30 am
Comments (2)

2 Comments »

Hey, thanks for linking to my XFF ISAPI filter. This is a common issue that comes up and I’m glad I could share a free open source version with everyone.

-Joe

Comment by Joe Pruitt — August 19, 2009 @ 9:37 pm
Thank you Joe for making it available!

Comment by catliao — August 20, 2009 @ 6:29 am

RSS feed for comments on this post. TrackBack URL

About

My name is Catherine Liao and you're reading the latest postings of various blogs I follow. You'll notice that the topics tend to center around Cloud Computing, Data Center, Virtualization, Servers, Web Technologies and 24x7 Operations.

These are topics that I'm interested in as I've spent a large chunk of my professional career building, deploying, and maintaining 24x7 application delivery environments. I use the knowledge I've garnered daily in my role as a Technology Solutions Architect for Cisco. I should note that this site is my personal site and does not reflect the views of Cisco.

Feel free to drop me a note if you find this site useful or if you'd like for me to check out your blog. I can be reached at catherine.liao@gmail.com. You can also connect with me via LinkedIn or Twitter.

Looking for less "geeky" content? Check out my travel blog 1-Day Itinerary.

Tweets

@fpalumbo I like my apple iPad case. The stand is a tad floppy but it's functional & the case is compact # 12 hours ago

RT @Jruys: Wow, seeing your own Twitter and Facebook feed on Flipboard rocks! < Im waiting in line to get set up! # 20 hours ago

RT @TechValidate: 4 factors that make your trade show content "pop" or not. http://ow.ly/1qLRBM < Must read for every marketing team! # 20 hours ago

RT @rlux: Today's Woot.com offer is great for aspiring podcasters. < Pretty sweet deal! # 23 hours ago

@chrisrhodes0013 you need a nap # 2010/07/27

@sunshinemug @rlux @bhavacom This article reminded me of the podcast we did! http://goo.gl/AiBx (via @techmama) # 2010/07/27

Fans

AppGirl on Facebook

Postings