httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Jeziorski" <g...@jeziorski.com>
Subject RE: [users@httpd] Access_log shows incorrect remote host address
Date Thu, 17 Mar 2005 05:27:15 GMT
The request is coming from the outside, I agree with your "really weird"
assessment.  The network topology is as follows:


----------DSL "MODEM" --------------->SMC Router ------>Switch --> Webserver
   Public
IP--192.168.2.x-----192.168.2.y--192.168.1.x------------192.168.1.y


The address being logged is 192.168.2.y  The SMC is an SMC7004ABR.  I'm
beginning to think the router is misbehaving, but I don't think it has the
capability to terminate and initiate a new session. I've never seen any kind
of proxy function in it.

G


-----Original Message-----
From: Noah [mailto:sitz@onastick.net]
Sent: Wednesday, March 16, 2005 10:04 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Access_log shows incorrect remote host
address


On Wed, Mar 16, 2005 at 05:02:42PM -0700, FloorFLUX wrote:

>
> When you access your webserver, are you using an external IP address?
> If so, It's going to log your hit as coming from your router no matter
> where it's coming from on the lan because your outgoing request is
> going through the router.  If you access it via an internal IP address
> (perhaps that's how you're doing it with the other applications), then
> your request doesn't go through the router, and your internal address
> will be preserved.

Uh...what? If the request is coming from the outside, the logged IP
will, 98+% of the time, be the IP of the client (where 'client' may be a
proxying system of some kind and not /necessarily/ a browser). If it's
logging the IP of a /router/ that's really weird. I could see it logging
the IP of a /switch/, depending on the kind of switch it is; some
switches and pseudoswitches (things like Wincom (which no longer exists,
I believe) and Netscalar gear) can be configured to terminate an incoming
request and initiate a new TCP session to the server (with the switch's IP
as the source IP); quite possible some firewalls may do this as well;
haven't played with any, but they may well be out there.

Unless I'm missing something obvious (hardly the first time, and I'm not
a routergeek by trade), the above explanation is bogus.

What kind of a router are you dealing with? What's your network topology
look like (what does a packet have to do to get from the Internet(tm) to
your webserver?)

--n

--
<huey> dd of=/dev/fd0 if=/dev/flippy bs=1024
<huey> ^^^ Making Flippy Floppy


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message