You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by gr...@jeziorski.com on 2005/03/16 23:49:30 UTC
[users@httpd] Access_log shows incorrect remote host address
I'm running Apache 2.0.52 on Fedora Core 3. I am running webalizer and I noticed that a couple of days ago all httpd logs are reporting the same IP address for the requesting host, the address of my router. Logs from other applications (FTP, Sendmail) all report the correct address of remote host. If I telnet to port 80 from another server on the LAN, the httpd logs show the address of the server. I searched the FAQ and the archives but didn't find anything like this. Any thoughts/suggestions would be appreciated.
Thanks,
Greg
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access_log shows incorrect remote host address
Posted by Jonathan Mangin <jo...@comcast.net>.
If you access the server through your router's WAN address
and have port forwarding turned on, the access_log will
always reflect the router's LAN address.
----- Original Message -----
From: "Greg Jeziorski" <gr...@jeziorski.com>
To: <us...@httpd.apache.org>
Sent: Thursday, March 17, 2005 12:27 AM
Subject: RE: [users@httpd] Access_log shows incorrect remote host address
> The request is coming from the outside, I agree with your "really weird"
> assessment. The network topology is as follows:
>
>
> ----------DSL "MODEM" --------------->SMC Router ------>Switch -->
> Webserver
> Public
> IP--192.168.2.x-----192.168.2.y--192.168.1.x------------192.168.1.y
>
>
> The address being logged is 192.168.2.y The SMC is an SMC7004ABR. I'm
> beginning to think the router is misbehaving, but I don't think it has the
> capability to terminate and initiate a new session. I've never seen any
> kind
> of proxy function in it.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access_log shows incorrect remote host address
Posted by "Ivan Barrera A." <Br...@Ivn.cl>.
> The request is coming from the outside, I agree with your "really weird"
> assessment. The network topology is as follows:
>
>
> ----------DSL "MODEM" --------------->SMC Router ------>Switch --> Webserver
> Public
> IP--192.168.2.x-----192.168.2.y--192.168.1.x------------192.168.1.y
>
>
> The address being logged is 192.168.2.y The SMC is an SMC7004ABR. I'm
> beginning to think the router is misbehaving, but I don't think it has the
> capability to terminate and initiate a new session. I've never seen any kind
> of proxy function in it.
The SMC router may be doing NAT (network address translation)
>
> G
>
>
> -----Original Message-----
> From: Noah [mailto:sitz@onastick.net]
> Sent: Wednesday, March 16, 2005 10:04 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Access_log shows incorrect remote host
> address
>
>
> On Wed, Mar 16, 2005 at 05:02:42PM -0700, FloorFLUX wrote:
>
>
>>When you access your webserver, are you using an external IP address?
>>If so, It's going to log your hit as coming from your router no matter
>>where it's coming from on the lan because your outgoing request is
>>going through the router. If you access it via an internal IP address
>>(perhaps that's how you're doing it with the other applications), then
>>your request doesn't go through the router, and your internal address
>>will be preserved.
>
>
> Uh...what? If the request is coming from the outside, the logged IP
> will, 98+% of the time, be the IP of the client (where 'client' may be a
> proxying system of some kind and not /necessarily/ a browser). If it's
> logging the IP of a /router/ that's really weird. I could see it logging
> the IP of a /switch/, depending on the kind of switch it is; some
> switches and pseudoswitches (things like Wincom (which no longer exists,
> I believe) and Netscalar gear) can be configured to terminate an incoming
> request and initiate a new TCP session to the server (with the switch's IP
> as the source IP); quite possible some firewalls may do this as well;
> haven't played with any, but they may well be out there.
>
> Unless I'm missing something obvious (hardly the first time, and I'm not
> a routergeek by trade), the above explanation is bogus.
>
> What kind of a router are you dealing with? What's your network topology
> look like (what does a packet have to do to get from the Internet(tm) to
> your webserver?)
>
> --n
>
> --
> <huey> dd of=/dev/fd0 if=/dev/flippy bs=1024
> <huey> ^^^ Making Flippy Floppy
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Access_log shows incorrect remote host address
Posted by Greg Jeziorski <gr...@jeziorski.com>.
The request is coming from the outside, I agree with your "really weird"
assessment. The network topology is as follows:
----------DSL "MODEM" --------------->SMC Router ------>Switch --> Webserver
Public
IP--192.168.2.x-----192.168.2.y--192.168.1.x------------192.168.1.y
The address being logged is 192.168.2.y The SMC is an SMC7004ABR. I'm
beginning to think the router is misbehaving, but I don't think it has the
capability to terminate and initiate a new session. I've never seen any kind
of proxy function in it.
G
-----Original Message-----
From: Noah [mailto:sitz@onastick.net]
Sent: Wednesday, March 16, 2005 10:04 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Access_log shows incorrect remote host
address
On Wed, Mar 16, 2005 at 05:02:42PM -0700, FloorFLUX wrote:
>
> When you access your webserver, are you using an external IP address?
> If so, It's going to log your hit as coming from your router no matter
> where it's coming from on the lan because your outgoing request is
> going through the router. If you access it via an internal IP address
> (perhaps that's how you're doing it with the other applications), then
> your request doesn't go through the router, and your internal address
> will be preserved.
Uh...what? If the request is coming from the outside, the logged IP
will, 98+% of the time, be the IP of the client (where 'client' may be a
proxying system of some kind and not /necessarily/ a browser). If it's
logging the IP of a /router/ that's really weird. I could see it logging
the IP of a /switch/, depending on the kind of switch it is; some
switches and pseudoswitches (things like Wincom (which no longer exists,
I believe) and Netscalar gear) can be configured to terminate an incoming
request and initiate a new TCP session to the server (with the switch's IP
as the source IP); quite possible some firewalls may do this as well;
haven't played with any, but they may well be out there.
Unless I'm missing something obvious (hardly the first time, and I'm not
a routergeek by trade), the above explanation is bogus.
What kind of a router are you dealing with? What's your network topology
look like (what does a packet have to do to get from the Internet(tm) to
your webserver?)
--n
--
<huey> dd of=/dev/fd0 if=/dev/flippy bs=1024
<huey> ^^^ Making Flippy Floppy
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access_log shows incorrect remote host address
Posted by Noah <si...@onastick.net>.
On Wed, Mar 16, 2005 at 05:02:42PM -0700, FloorFLUX wrote:
>
> When you access your webserver, are you using an external IP address?
> If so, It's going to log your hit as coming from your router no matter
> where it's coming from on the lan because your outgoing request is
> going through the router. If you access it via an internal IP address
> (perhaps that's how you're doing it with the other applications), then
> your request doesn't go through the router, and your internal address
> will be preserved.
Uh...what? If the request is coming from the outside, the logged IP
will, 98+% of the time, be the IP of the client (where 'client' may be a
proxying system of some kind and not /necessarily/ a browser). If it's
logging the IP of a /router/ that's really weird. I could see it logging
the IP of a /switch/, depending on the kind of switch it is; some
switches and pseudoswitches (things like Wincom (which no longer exists,
I believe) and Netscalar gear) can be configured to terminate an incoming
request and initiate a new TCP session to the server (with the switch's IP
as the source IP); quite possible some firewalls may do this as well;
haven't played with any, but they may well be out there.
Unless I'm missing something obvious (hardly the first time, and I'm not
a routergeek by trade), the above explanation is bogus.
What kind of a router are you dealing with? What's your network topology
look like (what does a packet have to do to get from the Internet(tm) to
your webserver?)
--n
--
<huey> dd of=/dev/fd0 if=/dev/flippy bs=1024
<huey> ^^^ Making Flippy Floppy
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Access_log shows incorrect remote host address
Posted by Greg Jeziorski <gr...@jeziorski.com>.
Floor,
That does make sense, and I am accessing the website from my external
address. Apache has been logging the remote host address and not the router
address for several years and now all of a sudden, it doesn't. What's
interesting is that the address of the router that is being logged is a
private address in a different subnet from the private address of the web
server. Is there any function/feature within Apache that causes it to log
the "previous hop" address and not the remote host? The router is not doing
any proxying, only NAT. When things like this change for no apparent
reason, I get concerned.
Thanks,
Greg
-----Original Message-----
From: FloorFLUX [mailto:floorflux@gmail.com]
Sent: Wednesday, March 16, 2005 5:03 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Access_log shows incorrect remote host
address
Greg,
When you access your webserver, are you using an external IP address?
If so, It's going to log your hit as coming from your router no matter
where it's coming from on the lan because your outgoing request is
going through the router. If you access it via an internal IP address
(perhaps that's how you're doing it with the other applications), then
your request doesn't go through the router, and your internal address
will be preserved.
Let me know if that makes any sense or if it's inaccurate...
--Floor
On Wed, 16 Mar 2005 15:49:30 -0700, greg@jeziorski.com
<gr...@jeziorski.com> wrote:
> I'm running Apache 2.0.52 on Fedora Core 3. I am running webalizer and I
noticed that a couple of days ago all httpd logs are reporting the same IP
address for the requesting host, the address of my router. Logs from other
applications (FTP, Sendmail) all report the correct address of remote host.
If I telnet to port 80 from another server on the LAN, the httpd logs show
the address of the server. I searched the FAQ and the archives but didn't
find anything like this. Any thoughts/suggestions would be appreciated.
>
> Thanks,
> Greg
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access_log shows incorrect remote host address
Posted by FloorFLUX <fl...@gmail.com>.
Greg,
When you access your webserver, are you using an external IP address?
If so, It's going to log your hit as coming from your router no matter
where it's coming from on the lan because your outgoing request is
going through the router. If you access it via an internal IP address
(perhaps that's how you're doing it with the other applications), then
your request doesn't go through the router, and your internal address
will be preserved.
Let me know if that makes any sense or if it's inaccurate...
--Floor
On Wed, 16 Mar 2005 15:49:30 -0700, greg@jeziorski.com
<gr...@jeziorski.com> wrote:
> I'm running Apache 2.0.52 on Fedora Core 3. I am running webalizer and I noticed that a couple of days ago all httpd logs are reporting the same IP address for the requesting host, the address of my router. Logs from other applications (FTP, Sendmail) all report the correct address of remote host. If I telnet to port 80 from another server on the LAN, the httpd logs show the address of the server. I searched the FAQ and the archives but didn't find anything like this. Any thoughts/suggestions would be appreciated.
>
> Thanks,
> Greg
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org