httpd-users mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Re: [users@httpd] X-Forward-For in ssl_access_log / apache behind WAF
Date Sun, 08 Oct 2017 10:58:16 GMT
Hi,

On Fri, Oct 6, 2017 at 8:49 AM, Morel Mosolff <marcus0049@gmx.de> wrote:
> Hi Yann
> unfortunately that makes no difference.
>
> It doesn't work even if I only try to block one IP address like this: SetEnvIf Remote_Addr "1\.2\.3\.1" wav
> but the output is slightly different (see below)
>
>         LogFormat "%l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
>         LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
>         SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
>         CustomLog "logs/ssl_access_log" combined env=!forwarded
>         CustomLog "logs/ssl_access_log" proxy env=forwarded
>         SetEnvIf Remote_Addr "1\.2\.3\.1" wav
>         CustomLog "logs/ssl_access_log" proxy env=!waf

There seem to be some typos above, "waf" vs "wav", IP "1.2.*" vs
"10.1.2.*" below?
I'm hardly following here, could you please clarify?

>
> before (deny two IPs):
> 10.1.2.1 - - [06/Oct/2017:08:37:12 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.2 - - [06/Oct/2017:08:37:13 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.1 - - [06/Oct/2017:08:37:17 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.2 - - [06/Oct/2017:08:37:18 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.1 - - [06/Oct/2017:08:37:22 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.2 - - [06/Oct/2017:08:37:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
>
>
> after (deny one ip):
> 10.1.2.1 - - [06/Oct/2017:08:37:32 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> - 10.1.2.1 - - [06/Oct/2017:08:37:32 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.2 - - [06/Oct/2017:08:37:33 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> - 10.1.2.2 - - [06/Oct/2017:08:37:33 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.1 - - [06/Oct/2017:08:37:37 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> - 10.1.2.1 - - [06/Oct/2017:08:37:37 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
>
> if I delete %h in the proxy definition I get:
> 10.1.2.2 - - [06/Oct/2017:08:45:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> - - - [06/Oct/2017:08:45:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.1 - - [06/Oct/2017:08:45:27 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> - - - [06/Oct/2017:08:45:27 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> 10.1.2.22 - - [06/Oct/2017:08:45:28 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
> - - - [06/Oct/2017:08:45:28 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
>
> (one time the request is logged with the IP and one time without...:-(  )
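
The following added example is not part of the thread and is not Apache code: it models in Python how the quoted SetEnvIf and CustomLog directives are evaluated, relying on the documented behaviour that every CustomLog whose env= condition holds writes its own line and that SetEnvIf regexes match anywhere in the value unless anchored. The sample requests and the `FIXED_NAME` variant (the variable spelled "waf") are constructed for illustration.

```python
import re

# SetEnvIf rules as (attribute, regex, variable), copied from the quoted config.
SETENVIF = [
    ("X-Forwarded-For", r"^.*\..*\..*\..*", "forwarded"),
    ("Remote_Addr", r"1\.2\.3\.1", "wav"),
]
# CustomLog directives as (format nickname, env condition), all writing to one file.
CUSTOMLOG = [
    ("combined", "!forwarded"),
    ("proxy", "forwarded"),
    ("proxy", "!waf"),
]

def request_env(remote_addr, xff=None, rules=SETENVIF):
    """Return the set of variables the SetEnvIf rules would set for this request."""
    attrs = {"Remote_Addr": remote_addr, "X-Forwarded-For": xff}
    env = set()
    for attr, pattern, var in rules:
        value = attrs.get(attr)
        # A missing header never matches; the regex is searched, not full-matched.
        if value is not None and re.search(pattern, value):
            env.add(var)
    return env

def formats_written(remote_addr, xff=None, rules=SETENVIF, logs=CUSTOMLOG):
    """Each CustomLog is evaluated on its own, so one request can log several times."""
    env = request_env(remote_addr, xff, rules)
    written = []
    for nickname, cond in logs:
        wanted = cond.lstrip("!")
        if (wanted in env) != cond.startswith("!"):
            written.append(nickname)
    return written

# Assumption: the same rules with the variable name spelled "waf" in both places.
FIXED_NAME = SETENVIF[:1] + [("Remote_Addr", r"1\.2\.3\.1", "waf")]

if __name__ == "__main__":
    # Constructed sample requests: (client address, X-Forwarded-For value or None).
    samples = [("10.1.2.1", None), ("1.2.3.1", None),
               ("11.2.3.10", None), ("10.1.2.1", "203.0.113.7")]
    for addr, xff in samples:
        print(addr, xff, formats_written(addr, xff),
              formats_written(addr, xff, FIXED_NAME))
```

In this model the doubled lines remain even with the name spelled consistently, because the third CustomLog still fires for every non-matching client, and the unanchored `1\.2\.3\.1` also matches an address such as 11.2.3.10.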
