Author Topic: Apache log (not true IP in logs)  (Read 9326 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Apache log (not true IP in logs)
« on: May 21, 2017, 08:54:17 PM »
The Apache access.log logs indicate the external IP address of the server, and not the real one with which the request was made.
Correction in /usr/local/apache/conf/httpd.conf:
Find:
Code: [Select]
<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

Replece to:
Code: [Select]
<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%a %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

Correct please in the distribution and updates
« Last Edit: May 21, 2017, 09:34:51 PM by IgorA100 »

Offline
*
Re: Apache log (not true IP in logs)
« Reply #1 on: May 22, 2017, 01:04:19 PM »
+1
We need ip's to let CSF/LFD do something with it.
Code: [Select]
%a Client IP address of the request (see the mod_remoteip module).
%h Remote hostname. Will log the IP address if HostnameLookups is set to Off, which is the default. If it logs the hostname for only a few hosts, you probably have access control directives mentioning them by name. See the Require host documentation.
http://httpd.apache.org/docs/current/mod/mod_log_config.html
Hobby home server with CentOS 7 + CWP (NAT-ed Mod enabled).

Offline
*
Re: Apache log (not true IP in logs)
« Reply #2 on: May 24, 2017, 12:25:25 PM »
Oh shit.
After the update, the log settings are again lost :(

Do you have to come up with "crutches"?
Will this moment be corrected?

------

It seems that the developers are not going to fix bugs. :(
Well, well, let's do "crutches".
Create the "custom.conf" file in the /usr/local/apache/conf.d folder with the contents:
Code: [Select]
<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%a %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "logs/access_log" combined
</IfModule>
« Last Edit: May 24, 2017, 01:11:57 PM by IgorA100 »

Offline
*****
Re: Apache log (not true IP in logs)
« Reply #3 on: May 24, 2017, 04:39:46 PM »
are you using any reverse proxy server ?

Offline
*
Re: Apache log (not true IP in logs)
« Reply #4 on: May 24, 2017, 04:47:18 PM »
Only standart "Apache & Nginx Reverse Proxy (Nginx on port 80 and apache on port 8181)" without modification.

Offline
*
Re: Apache log (not true IP in logs)
« Reply #5 on: August 14, 2017, 03:01:31 PM »
Several months have passed, and there are no fixes in the distribution. :-\ :'(