[squid-users] Forwarded-for functionality(squid)
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Sep 9 08:43:16 UTC 2020
On 08.09.20 16:42, piyush.gaba wrote:
>By the way guys. It just worked. Thanks alot Amos and Matus.
just to make sure - are you aware that anything in the X-Forwarded-For:
header can be fake and you should only use trusted IPs?
The follow_x_forwarded_for describes how:
http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/
>On 9/09/20 1:15 am, piyush.gaba wrote:
>> I think my whole struggle is to get the desired output as:
>> <ip>- - [17/Aug/2018:08:43:29 +0200] "GET /index1.html HTTP/1.1" 200 36 "-" "curl/7.29.0" unknown
>>
>> Which has "unknown" at the end because forwarded_for was set to "off".
>>
>> But now when I am working with squid 4.13 I am not getting the desired output, I am getting the output as,
>> <ip> - - [08/Sep/2020:15:07:19 +0200] "GET /index1.html HTTP/1.1" 200 8 "-" "curl/7.29.0"
>>
>> Which does not have anything at the end, while the forwarded_for is set to "off".
>>
>> Please let me know if you have any advice to give for this logging problem.
>>
>> I am using below log format in my httpd file,
>> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
>-----Original Message-----
>From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
>Sent: Tuesday, September 8, 2020 20:42
>To: squid-users at lists.squid-cache.org
>Subject: Re: [squid-users] Forwarded-for functionality(squid)
>That LogFormat tells us the first column of the log file is the contents
>of the X-Forwarded-For header. The first column of the log lines you
>showed is "<ip>" - the value of XFF header is supposed to be one or more
>IPs, so that looks like it is working.
>
>Use the debug_options setting I gave you to *actually* see what is
>happening. The Apache log is only showing you what values are _after_
>the httpd process and all modules have done their modifications to the
>HTTP input ... including replacing the transaction client-IP with any
>value from XFF header.
More information about the squid-users
mailing list