You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2021/12/02 21:24:16 UTC

[GitHub] [trafficserver] shadyabhi opened a new issue #8544: Feature: Add "logging field" to identify proxy protocol client's IP address (previous proxy hop)

shadyabhi opened a new issue #8544:
URL: https://github.com/apache/trafficserver/issues/8544


   Relevant fields for this discussion (from https://docs.trafficserver.apache.org/en/latest/admin-guide/logging/formatting.en.html#admin-logging-fields-network) 
   
   | Field | Source | Description |
   | --- | --- | --- |
   | chi | Client | IP address of the client’s host |
   | pps | Proxy Protocol Source IP | Source IP received via Proxy Protocol context from the LB to the Traffic Server |
   
   With only these relevant fields available, if a `proxy-protocol` client connects to ATS while passing the right `proxy-protocol` headers, both fields `chi` and `pps` are updated with the `true client IP address`, ie, the IP address of the user-agent. (meaning a typical user on the internet)
   
   This means we lose the ability to identify the `IP address` of the previous `hop` when proxy protocol is used. Is there a need for adding a new field that signals the IP address of the `previous hop` when proxy protocol is used?
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@trafficserver.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] SolidWallOfCode commented on issue #8544: Feature: Add "logging field" to identify proxy protocol client's IP address (previous proxy hop)

Posted by GitBox <gi...@apache.org>.

SolidWallOfCode commented on issue #8544:
URL: https://github.com/apache/trafficserver/issues/8544#issuecomment-988962571


   The suggestion is to add "rchi" which is always the inbound remote address.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@trafficserver.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] masaori335 commented on issue #8544: Feature: Add "logging field" to identify proxy protocol client's IP address (previous proxy hop)

Posted by GitBox <gi...@apache.org>.

masaori335 commented on issue #8544:
URL: https://github.com/apache/trafficserver/issues/8544#issuecomment-986319524


   IMO, the `chi` should always be the `previous hop`. We need to check why it's updated.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@trafficserver.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org