我试图在 Apache 访问日志中记录存储在 X-Forwarded-For http 标头中的客户端 IP,但没有成功,并且已经花了好几个小时才弄明白。我尝试了很多不同的方法 - 似乎都没有用!
首先我尝试:
# Fields to record
LogFormat "(%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# Log locations
CustomLog "/var/log/httpd/access.log" combined env=!dontlog
我也试过
# Fields to record
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# Log locations
CustomLog "/var/log/httpd/access.log" combined env=!dontlog
我也尝试过:
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.168.1.10
# Fields to record
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# Log locations
CustomLog "/var/log/httpd/access.log" combined env=!dontlog
这是在 CentOS8 上
httpd -v
Server version: Apache/2.4.37 (centos)
Server built: Sep 15 2020 15:41:16
远程 IP 模块已安装并且我假设已启用?
httpd -M | grep remoteip
remoteip_module (shared)
我知道 X-Forwarded-For 标头已被发送,因为我做了一个 tcpdump:
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Connection: keep-alive
Cookie: _fbp=fb.1.1599523605116.597747458; __qca=P0-681804816-1599523605211; _ga=GA1.2.489007183.1600273387; _gid=GA1.2.315615129.1604091772; LB=1460283402.20480.0000; _dc_gtm_UA-34638206-1=1; _gat_UA-34638206-1=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
X-Forwarded-For: 69.165.232.76
X-Forwarded-Proto: http
大小写/拼写与我在配置文件中输入的相同。那么为什么我总是获取负载均衡器 IP,而不是实际的客户端 IP?
我知道我正在编辑正确的文件,因为如果我将乱码放入其中而破坏文件,apache 将无法加载。
我已经束手无策了。求谁来帮帮我 :)
答案1
为了其他人的利益,以下是我们采取的有效措施:
# Fields to record - use X-Forward-For instead of client IP so that we get the actual clients IP
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" mycustom
# Log locations
CustomLog "/var/log/httpd/access.log" mycustom env=!dontlog
ErrorLog "/var/log/httpd/error.log"
上面的评论中提到的关键是:
您不能使用组合,因为它要么被保留,要么在 apache 配置的其他地方使用
您需要使用
%{X-Forwarded-For}i
NOT%a
或%h