My system is running with the architecture below:
clients -> physical LB -> httpd reverse proxy (multiple servers) -> tomcat (multiple servers)
My question is: how can I log the IP of the proxy server that the request goes through in the Tomcat access log?
Here is my Tomcat server.xml config:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"
/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
requestAttributesEnabled="true"
directory="${LOG_DIR}/tomcat"
prefix="access."
suffix=".log"
pattern="%h %{org.apache.tomcat.remoteAddr}r %{X-Forwarded-For}i %A %{Host}i %u %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %I %D &quot;%S&quot; &quot;%{COOKIE}i&quot;"
resolveHosts="false"
fileDateFormat="yyyy-MM-dd"
rotatable="true"
/>
The server with my website has started working with load balancer.
Previous log format:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
This format now contains the IP address of the load balancer.
I found the following solution to this problem on the PHP side:
$_SERVER["HTTP_CLIENT_IPS"]
Is there a solution to this problem in log formats?
You need to set up the correct flag in the custom log format: http://httpd.apache.org/docs/current/mod/mod_log_config.html
Also consider using X-Forwarded-For header: https://www.rfc-editor.org/rfc/rfc7239
I am trying to log website visitor application in tomcat logs
I have tried adding below lines of code in server.xml
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%{X-Forwarded-For}i %h %F %l %u %t &quot;%r&quot; %s %b"/>
I am getting the below output in the tomcat log.
192.168.1.149 15 - - [24/Jul/2020:16:24:16 +0200] "GET /geonetwork/srv/eng/shib.user.login.noforward HTTP/1.0" 200 50
I need to get remote IP of one who is accessing the application
There are 2 scenarios: your Tomcat is either not behind any load balancer or proxy, or it is behind one. If your Tomcat is not behind a proxy or load balancer, it's already correct. As an extra precaution, maybe add %a so it can grab the remote IP address, as stated in Access_Log_Valve
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%{X-Forwarded-For}i %h %F %l %u %t &quot;%r&quot; %s %b" />
To
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%{X-Forwarded-For}i %a %h %F %l %u %t &quot;%r&quot; %s %b" />
If you want to use %h for the remote host name, please set enableLookups="true" on the connector:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8180 -->
<Connector port="8080"
....
enableLookups="true"
....
/>
But if Tomcat is behind a proxy or load balancer, add more configuration like this:
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
<Valve className="org.apache.catalina.valves.AccessLogValve" ....
The default proxy IP addresses used by RemoteIpValve:
127.0.0.0/8
169.254.0.0/16
10.0.0.0/8
192.168.0.0/16
And if your proxy is not listed here, add the internalProxies configuration to catch the proxy:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="172.16.0.10|172.16.0.11" />
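How a right-to-left walk over X-Forwarded-For with an internalProxies list decides which address ends up in the log, as an added example: this is a simplified Python model written for this page, not Tomcat's code. The names `resolve_client_ip` and `leftmost` and all sample addresses other than the two proxies from the answer are constructed.

```python
import re

# internalProxies value from the answer above; Tomcat treats it as a regular
# expression that must match the whole address, so the dots are escaped here.
INTERNAL_PROXIES = r"172\.16\.0\.10|172\.16\.0\.11"


def resolve_client_ip(peer_addr, xff_header, internal=INTERNAL_PROXIES, trusted=None):
    """Model of a RemoteIpValve-style walk: returns (client_ip, trusted_hops)."""
    def matches(pattern, addr):
        return pattern is not None and re.fullmatch(pattern, addr) is not None

    def is_proxy(addr):
        return matches(internal, addr) or matches(trusted, addr)

    # The header is honoured only when the TCP peer is one of our own proxies;
    # any other sender could have put arbitrary text into it.
    if not is_proxy(peer_addr) or not xff_header:
        return peer_addr, []

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    trusted_hops = []
    # Walk from the hop nearest to us back towards the client.
    for hop in reversed(hops):
        if matches(internal, hop):
            continue                      # internal proxy: skipped
        if matches(trusted, hop):
            trusted_hops.insert(0, hop)   # trusted proxy: kept for x-forwarded-by
            continue
        return hop, trusted_hops          # first address that is not ours
    return peer_addr, trusted_hops        # header held only proxies


def leftmost(xff_header):
    """What a log reader gets by taking the first X-Forwarded-For entry."""
    return xff_header.split(",")[0].strip()


if __name__ == "__main__":
    # Constructed request: the client itself sent "X-Forwarded-For: 192.0.2.99",
    # the load balancer (172.16.0.11) appended the real client address, and the
    # httpd proxy (172.16.0.10) appended the load balancer's address.
    forged = "192.0.2.99, 203.0.113.7, 172.16.0.11"
    print(resolve_client_ip("172.16.0.10", forged))        # walk from the right
    print(leftmost(forged))                                # naive reading
    print(resolve_client_ip("198.51.100.9", "10.0.0.1"))   # peer is not a proxy
```

Every proxy tier in front of Tomcat has to match `internalProxies` (or `trustedProxies`), otherwise the walk stops at that tier and its address is logged as the client.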
From what I can see, mod_cloudflare - https://github.com/cloudflare/mod_cloudflare - on Apache will simply replace the remote IP with the "correct" one (the user's IP address replacing the Cloudflare server IP address that it came from at a TCP level); however, I require in my logs both the client IP address and the server IP address.
Is there any way to log this while using the standard mod_cloudflare module, and if not, what modifications would need to be made to mod_cloudflare to enable a new header that could be logged for this?
That isn't something that mod_cloudflare will be able to help with. But you might find some helpful information here:
http://www.techstacks.com/howto/log-client-ip-and-xforwardedfor-ip-in-apache.html
I have something like this LogFormat in my httpd.conf:
LogFormat "%{X-Forwarded-For}i (%h) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
In my particular environment this puts the X-Forwarded-For (real IP) first, and in brackets it will add the "proxy" IP(s).
<Valve
className="org.apache.catalina.valves.AccessLogValve"
directory="${catalina.base}/logs"
prefix="access_log"
fileDateFormat="yyyy-MM-dd.HH"
suffix=".log"
pattern="%t %H cookie:%{SESSIONID}c request:%{SESSIONID}r %m %U %s %q %r"
/>
But it is not working for me. No logs are being created. I want all the info of the client, including access time, IP, host, proxy IP, hostname.
For time, IP, host, proxy IP, hostname - check link for reference. Use the following:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
Logs are not created because of directory="${catalina.base}/logs". The directory description is:
Absolute or relative pathname of a directory in which log files created by this valve will be placed. If a relative path is specified, it is interpreted as relative to $CATALINA_BASE. If no directory attribute is specified, the default value is "logs" (relative to $CATALINA_BASE).
You must specify only directory="logs".
I have a production setup as
webSEAL --> F5 --> 2 Apache --- 2 weblogic servers.
For every request, the webSEAL log prints the logged-in user-id, and WebLogic, which is the very last in the infrastructure chain, also has the user-id available in the WebLogic HTTP access.log (not the application log but WebLogic's internal access logs), but there's nothing shown in Apache.
Even when I added a new logging configuration in Apache, it's not printing the user_id in the Apache access logs. It just prints a dash - (information not available).
Following is the added configuration in httpd.conf and the output.
LogFormat "%h %V %u %t \"%r\" %>s" test
CustomLog logs/testLogs test
192.168.44.53 localhost - [11/Jun/2015:23:21:39 +0200] "HEAD / HTTP/1.1" 200
What else do I need to do to "make user-id available to Apache instance"?
This is the reference for Apache 2.0X which I'm using in my environment.
http://httpd.apache.org/docs/2.0/logs.html
The %u pattern code logs the remote username if the request was authenticated with HTTP Basic or Digest authentication. In the example log entry this value is "-", meaning that the request was not authenticated with HTTP Basic or Digest authentication.
You can use Apache to log client IP addresses utilizing X-Forwarded-For headers.
The standard LogFormat directive:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
To add the client's source IP address, just change this to:
LogFormat "%h %l %u %t \"%r\" %>s %b %{X-Forwarded-For}i" common
Standard logs:
192.168.2.210 - - [09/Feb/2011:09:59:31 +0000] "GET / HTTP/1.1" 200 44
Client IPs added:
192.168.2.210 - - [09/Feb/2011:10:00:16 +0000] "GET / HTTP/1.1" 200 44 192.168.2.7
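A log-review check for lines written in the extended format above, as an added example that is not part of the original answer: the trailing X-Forwarded-For field is request data, so it only identifies the client when `%h` is the load balancer, and then only its last entry. The function name `audit_line`, the verdict strings, the load balancer set and the sample lines are assumptions constructed for this example.

```python
import re

# Layout of the extended format above:
#   %h %l %u %t "%r" %>s %b %{X-Forwarded-For}i
LINE_RE = re.compile(
    r'(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?:[^"\\]|\\.)*" \d{3} \S+ (?P<xff>.*)'
)

# Assumption: the load balancer is the address logged as %h in the sample lines.
LOAD_BALANCERS = {"192.168.2.210"}


def audit_line(line, load_balancers=LOAD_BALANCERS):
    """Return (verdict, client_ip) for one access-log line."""
    m = LINE_RE.fullmatch(line.strip())
    if m is None:
        return "unparsed", None
    peer = m.group("peer")
    hops = [h.strip() for h in m.group("xff").split(",")]
    hops = [h for h in hops if h not in ("", "-")]
    if peer not in load_balancers:
        # The request bypassed the balancer, so the header is client-supplied
        # text; the TCP peer is the only address that can be relied on.
        return ("xff-from-untrusted-peer" if hops else "direct"), peer
    if not hops:
        return "no-xff", peer
    # Only the last entry was appended by the balancer; anything before it
    # arrived with the request and is unverified.
    return ("client-supplied-prefix" if len(hops) > 1 else "ok"), hops[-1]


SAMPLE_LINES = [  # constructed for this example
    '192.168.2.210 - - [09/Feb/2011:10:00:16 +0000] "GET / HTTP/1.1" 200 44 192.168.2.7',
    '192.168.2.210 - - [09/Feb/2011:10:00:17 +0000] "GET /admin HTTP/1.1" 200 44 127.0.0.1, 192.168.2.7',
    '192.168.2.55 - - [09/Feb/2011:10:00:18 +0000] "GET /admin HTTP/1.1" 200 44 127.0.0.1',
    '192.168.2.210 - - [09/Feb/2011:10:00:19 +0000] "HEAD / HTTP/1.1" 200 - -',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(audit_line(line), line)
```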