I have a production setup as
webSEAL --> F5 --> 2 Apache --- 2 weblogic servers.
For every request webSEAL logs prints logged-in user-id and weblogic which is at the very last in infrastructure chain also have the user-id available in weblogic http access.log (not application log but weblogic internal access logs) but there's nothing shown in Apache.
Even when I added new logging configuration at apache, it's not printing the user_id in apache access logs.It just print a dash - (information not available).
following is the added configuration in httpd.conf and output.
LogFormat "%h %V %u %t \"%r\" %>s" test
CustomLog logs/testLogs testFormat
***192.168.44.53 localhost - [11/Jun/2015:23:21:39 +0200] "HEAD / HTTP/1.1" 200***
What else do I need to do to "make user-id available to Apache instance".
This is the reference for Apache 2.0X which I'm using in my environment.
http://httpd.apache.org/docs/2.0/logs.html
The %u pattern code logs the remote username if the request was authenticated with HTTP Basic or Digest authentication. In the example log entry this value is "-", meaning that the request was not authenticated with HTTP Basic or Digest authentication.
You can use Apache to log client IP addresses utilizing X-Forwarded-For headers .
The standard LogFormat directive:
LogFormat “%h %l %u %t “%r” %>s %b” common
To add the clients source IP address, just change this to:
LogFormat “%h %l %u %t “%r” %>s %b %{X-Forwarded-For}i” common
Standard logs:
192.168.2.210 – – [09/Feb/2011:09:59:31 +0000] “GET / HTTP/1.1″ 200 44
Client IP’s added:
192.168.2.210 – – [09/Feb/2011:10:00:16 +0000] “GET / HTTP/1.1″ 200 44 192.168.2.7
Related
The server with my website has started working with load balancer.
Previous log format
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
this format now contains the IP Address of the load balancer
I found the following solution to this problem on the php side
$_SERVER["HTTP_CLIENT_IPS"]
Is there a solution to this problem in log formats?
You need to setup the correct flag in the custom log format: http://httpd.apache.org/docs/current/mod/mod_log_config.html
Also consider using X-Forwarded-For header: https://www.rfc-editor.org/rfc/rfc7239
I am using sed to mask some data in proxy logs of Apache at windows.
Putting command in httpd.conf file is :
CustomLog "|$'C:/Program Files (x86)/GnuWin32/bin/sed' -i 's/password=[^ ]*/password=masked/' 'logs/proxy-access.log'" combined
on starting Apache service command prompts start opening and closing and in error.logs found exception i.e :
AH00106: piped log program ''C:/Program Files (x86)/GnuWin32/bin/sed' -i 's/password=[^ ]*/password=masked/' 'C:/Apache24/logs/proxy-access.log'' failed unexpectedly
One solution that we can apply: This is Apache only solution
we can remove parameters from only those requests which contains sensitive data like password.
Although such type of request should be POST but as these are in use then we can make their logging like POST in apache log files and hide sensitive data.
This can be achieved with Apache only configuration. Below is the script I have tested at local
RewriteEngine On
RewriteCond %{QUERY_STRING} password
RewriteRule ^ - [E=allowParamLogging:no]
LogFormat "%h %l %u %t \"%m %U %H\" %>s %b" custom_format_without_queryString
LogFormat "%h \"%{BALANCER_WORKER_NAME}e\" %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" custom_format_with_queryString
CustomLog 'logs/proxy-access.log' custom_format_without_queryString expr=(reqenv('allowParamLogging')=='no')
CustomLog 'logs/proxy-access.log' custom_formate_with_queryString expr=!(reqenv('allowParamLogging')=='no')
We can set environment variable (i.e allowParamLogging) using rewrite rule for request if that request contains keywords like password.
Then on the basis of environment variable we can choose the different formats of logs like custom_format_with_queryString for logging query parameter and custom_format_without_queryString for hiding query parameters.
Here is the sample of request's log
which contains the password :
::1 - - [08/Nov/2018:16:15:00 +0530] "GET /api/documents/ HTTP/1.1" 204 -
which does not contains the password:
::1 "-" - [08/Nov/2018:16:15:03 +0530] "GET /api/documents/?type=invoice HTTP/1.1" 204 - "rbose" "curl/7.61.1"
From what I can see, mod_cloudflare - https://github.com/cloudflare/mod_cloudflare - on Apache will simply replace the remote IP with the "correct" one (the users IP address replacing the Cloudflare server IP address that it came from at a TCP level), however, I require in my logs both the client IP address and the server IP address.
Is there any way to log this while using the standard mod_cloudflare module, and if not, what modifications would need to be made to mod_cloudflare to enable a new header that could be logged for this?
That isn't something that mod_cloudflare will be able to help with. But you might find some helpful information here:
http://www.techstacks.com/howto/log-client-ip-and-xforwardedfor-ip-in-apache.html
I have something like this LogFormat in my httpd.conf:
LogFormat "%{X-Forwarded-For}i (%h) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" combined
In my particular environment this puts the X-Forwarded-For (real IP) in first and in brackets it will add the "proxy" ip(s).
I´m creating a Web Service using Glassfish. Now I want to know basic information about my requests like:
[DATE] "GET / HTTP/1.0" 200
For that I installed apache 2.2. It has 3 logs: access.log, error.log and install.log. How can I known basic information of my application using access.log?In other words, How can I direct my application requests to access log?
If you need session id, date, HTTP status code and other important log information update below directive in your apache configuration file.
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" \"%{Set-Cookie}o\"" more_logs
CustomLog ${APACHE_LOG_DIR}/access.log more_logs
Here "%{Set-Cookie}o\" will enable logging of sessions.
If you still need more log information refer this documentation.
i would like to set up conditional logging for requests done over apaches mod_proxy. is that possible and if so how?
i already checked the documentation but did not find anything that i could use for setenvif
i ask here and not on serverfault because there is a business application logic behind (traffic calcluations for users...)
also i noticed that that proxy usernames in the log file.
proxy.2x.to:80 62.178.15.161 - peidel [06/Jun/2011:01:31:44 +0200] "GET http://proxy.2x.to/ HTTP/1.1" 200 1339 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
this is line from /var/log/apache2/other_vhosts_access.log which is generated by the default log defnitions:
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
peidel is the username.
in the documentation it says:
%l Remote logname (from identd, if
supplied). This will return a dash
unless mod_ident is present and
IdentityCheck is set On.
now my question on this: can i rely on that? or is it possible that someone produces request with this identity information but who is not authenticated and produces log lines with an identity anyway?
http://httpd.apache.org/docs/current/logs.html
This is the userid of the person
requesting the document as determined
by HTTP authentication. The same value
is typically provided to CGI scripts
in the REMOTE_USER environment
variable. If the status code for the
request (see below) is 401, then this
value should not be trusted because
the user is not yet authenticated. If
the document is not password
protected, this part will be "-" just
like the previous one.