I am trying to record the client IP stored in the X-Forwarded-For HTTP header in the Apache access logs, but I'm having no luck and have been pulling my hair out for hours. I've tried a ton of different things - nothing seems to work!
First I tried:
# Fields to record
LogFormat "(%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# Log locations
CustomLog "/var/log/httpd/access.log" combined env=!dontlog
I also tried
# Fields to record
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# Log locations
CustomLog "/var/log/httpd/access.log" combined env=!dontlog
I also tried:
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.168.1.10
# Fields to record
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# Log locations
CustomLog "/var/log/httpd/access.log" combined env=!dontlog
This is on CentOS8
httpd -v
Server version: Apache/2.4.37 (centos)
Server built: Sep 15 2020 15:41:16
Remote IP module is installed and I assume enabled?
httpd -M | grep remoteip
remoteip_module (shared)
I know the X-Forwarded-For header is being sent because I did a tcpdump:
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Connection: keep-alive
Cookie: _fbp=fb.1.1599523605116.597747458; __qca=P0-681804816-1599523605211; _ga=GA1.2.489007183.1600273387; _gid=GA1.2.315615129.1604091772; LB=1460283402.20480.0000; _dc_gtm_UA-34638206-1=1; _gat_UA-34638206-1=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
X-Forwarded-For: 69.165.232.76
X-Forwarded-Proto: http
Case/spelling is identical to what I've put in my conf. So why do I keep getting the load balancer's IP instead of the actual client IP?
I know I'm editing the right file because if I break the file by putting gibberish in it, Apache won't load.
I'm at my wits' end. Someone please help :)
For the benefit of others here's what worked for us:
The key as mentioned in the comments above:
You can't use combined as it's either reserved or used elsewhere in the Apache config
You need to use
%{X-Forwarded-For}i
NOT %a
or %h
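Added example, not part of the original post: a log written with %{X-Forwarded-For}i records the header as received, including any entries the client placed ahead of the proxy's own, so a log consumer should take the rightmost entry that is not a trusted proxy. The sketch parses lines in the question's first LogFormat. The trusted proxy is the 192.168.1.10 address from the question; the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the only trusted hop is the address from the question's RemoteIPTrustedProxy line.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.1.10/32")]

# Question's first LogFormat: (%{X-Forwarded-For}i) %l %u %t "%r" %>s %b ...
LOG_RE = re.compile(
    r'^\((?P<xff>[^)]*)\) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not taken from a real log.
SAMPLE_LINES = [
    '(203.0.113.7) - - [31/Oct/2020:10:00:00 -0400] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '(10.0.0.1, 203.0.113.7) - - [31/Oct/2020:10:00:05 -0400] "GET /admin HTTP/1.1" 403 199 "-" "curl/7.61.1"',
    '(-) - - [31/Oct/2020:10:00:09 -0400] "GET /health HTTP/1.1" 200 2 "-" "probe"',
]


def client_from_xff(xff):
    """Return (client_ip, unverified_entries) for one X-Forwarded-For value.

    Walk right to left, skipping trusted proxies; the first other address is
    the client as seen by a trusted hop. Entries to its left were supplied by
    the client side and cannot be verified.
    """
    if xff.strip() in ("", "-"):  # Apache logs "-" when the header is absent
        return None, []
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    for pos in range(len(entries) - 1, -1, -1):
        try:
            ip = ipaddress.ip_address(entries[pos])
        except ValueError:  # non-address token where a proxy should have written an IP
            return None, entries[: pos + 1]
        if not any(ip in net for net in TRUSTED_PROXIES):
            return str(ip), entries[:pos]
    return None, []  # header listed only trusted proxies


def parse_line(line):
    """Parse one access-log line; return None if it does not fit the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    client, unverified = client_from_xff(m.group("xff"))
    return {"client": client, "unverified": unverified,
            "request": m.group("request"), "status": int(m.group("status"))}


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_line(line))
```

A non-empty `unverified` list is not proof of spoofing, since legitimate upstream proxies also prepend entries, but those values should never be used for access decisions or rate limiting.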