You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tim Traver <tt...@simplenet.com> on 2005/06/17 22:35:31 UTC
[users@httpd] Not Logging Proxy Requests
Hi all,
ok, I am at a point where I do not want to log a request that is coming
from a proxy. I've looked, and it looks like I can use the CustomLog
directive with a conditional environment variable at the end of it to
accomplish this.
The problem I am having is that the environment variable is not getting
set when I use the SetEnvIf directive.
Here's what I have :
CustomLog /local/logs/apache/access combined env=!dontlog
SetEnvIf Proxy_Addr "209\.132\.98\.35" dontlog
I have tested the following line, and it works :
SetEnvIf Remote_Addr "209\.132\.98\.35" dontlog
But I don't want to refuse logging of everything that is coming from
that host, just the proxy requests.
I have looked and verified that "PROXY_ADDR" is set when a proxy request
is coming in, but for some reason the SetEnvIf is not working based on
that header...
Any help would be appreciated, as I am stumped why that SetEnvIf is not
working. I've tried all sorts of combinations (ie case, different
regexes, etc.)
Thanks,
Tim.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Not Logging Proxy Requests
Posted by Tim Traver <tt...@simplenet.com>.
Joshua,
Just verified that these are the RAW headers that the server is seeing :
This is from a ktrace session on the server (with x's to preserve
anonymity):
64160 httpd GIO fd 4 read 558 bytes
"GET /info.php HTTP/1.0\r
Host: tim.xxxxx.com\r
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,im\
age/png,*/*;q=0.5\r
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
Accept-Encoding: gzip,deflate\r
Accept-Language: en-us,en;q=0.5\r
Cache-Control: no-cache\r
Pragma: no-cache\r
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.7.8) Gecko/20050511 Firef\
ox/1.0.4\r
Via: 0.0 tim.xxxxx.com\r
X-Forwarded-For: 209.xxx.xxx.116\r
X-Forwarded-Host: tim.xxxxxx.com\r
X-Forwarded-Server: tim.xxxxxx.com\r
Connection: close\r
\r
"
As you can see, the "X-Forwarded-For" header is sent.
In my SetEnvIf statement, I cant seem to set another environment
variable that will allow me to not log it, cause for some reason it
doesn't appear to see that header variable.
Tim.
>>
>>
> Joshua,
>
> actually, PROXY_ADDR is an environment variable that is created by
> mod_extract_forwarded...
>
> But, HTTP_X_FORWARDED_FOR is a header that is sent with the request
> from the proxy machine to the destination. I have also tried to use
> this variable, but to no avail...
>
> On your recommendation I tried HTTP-X-FORWARDED-FOR, but that doesn't
> work either.
>
> If what you said is true (that the headers have dashes instead of
> underscores, then how is it that SetEnvIf works using Remote_Addr ???
>
> Ultimately, the question becomes, how do I not log a proxy request ?
>
> Thanks,
>
> Tim.
>
>
>
>
>
>
>
>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Not Logging Proxy Requests
Posted by Joshua Slive <js...@gmail.com>.
On 6/17/05, Tim Traver <tt...@simplenet.com> wrote:
> Joshua,
>
> actually, PROXY_ADDR is an environment variable that is created by
> mod_extract_forwarded...
It is possible that this module is setting the variable too late in
request processing for mod_setenif to get at it.
>
> But, HTTP_X_FORWARDED_FOR is a header that is sent with the request from the
> proxy machine to the destination. I have also tried to use this variable,
> but to no avail...
>
> On your recommendation I tried HTTP-X-FORWARDED-FOR, but that doesn't work
> either.
Read the docs for SetEnvIf. You'll see that you don't need the HTTP-
prefix for headers. It is just X-Forwarded-For, exactly as sent by
the client.
>
> If what you said is true (that the headers have dashes instead of
> underscores, then how is it that SetEnvIf works using Remote_Addr ???
Because that isn't a request header, it is a variable created
specially by mod_setenvif.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Not Logging Proxy Requests
Posted by Tim Traver <tt...@simplenet.com>.
Joshua Slive wrote:
>On 6/17/05, Tim Traver <tt...@simplenet.com> wrote:
>
>
>
>>CustomLog /local/logs/apache/access combined env=!dontlog
>>
>>SetEnvIf Proxy_Addr "209\.132\.98\.35" dontlog
>>
>>I have tested the following line, and it works :
>>
>>SetEnvIf Remote_Addr "209\.132\.98\.35" dontlog
>>
>>But I don't want to refuse logging of everything that is coming from
>>that host, just the proxy requests.
>>
>>I have looked and verified that "PROXY_ADDR" is set when a proxy request
>>is coming in, but for some reason the SetEnvIf is not working based on
>>that header...
>>
>>
>
>Are you saying that PROXY_ADDR is an HTTP request header coming from the proxy?
>
>I doubt that. Underscores are not often seen in HTTP request headers.
> (But note that dashes are converted to underscores when a header is
>converted to an env variable in mod_cgi, which may be confusing you. )
>Perhaps the header is Proxy-Addr.
>
>Joshua.
>
>
>
Joshua,
actually, PROXY_ADDR is an environment variable that is created by
mod_extract_forwarded...
But, HTTP_X_FORWARDED_FOR is a header that is sent with the request from
the proxy machine to the destination. I have also tried to use this
variable, but to no avail...
On your recommendation I tried HTTP-X-FORWARDED-FOR, but that doesn't
work either.
If what you said is true (that the headers have dashes instead of
underscores, then how is it that SetEnvIf works using Remote_Addr ???
Ultimately, the question becomes, how do I not log a proxy request ?
Thanks,
Tim.
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
Re: [users@httpd] Not Logging Proxy Requests
Posted by Joshua Slive <js...@gmail.com>.
On 6/17/05, Tim Traver <tt...@simplenet.com> wrote:
> CustomLog /local/logs/apache/access combined env=!dontlog
>
> SetEnvIf Proxy_Addr "209\.132\.98\.35" dontlog
>
> I have tested the following line, and it works :
>
> SetEnvIf Remote_Addr "209\.132\.98\.35" dontlog
>
> But I don't want to refuse logging of everything that is coming from
> that host, just the proxy requests.
>
> I have looked and verified that "PROXY_ADDR" is set when a proxy request
> is coming in, but for some reason the SetEnvIf is not working based on
> that header...
Are you saying that PROXY_ADDR is an HTTP request header coming from the proxy?
I doubt that. Underscores are not often seen in HTTP request headers.
(But note that dashes are converted to underscores when a header is
converted to an env variable in mod_cgi, which may be confusing you. )
Perhaps the header is Proxy-Addr.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org