You need to use mod_extforward under Lighttpd to extract and log the client's real IP from "X-Forwarded-For" or "X-Real-IP" header which is added by reverse proxy server such as Nginx or Squid proxy server.
Configuration
Edit lighttpd.conf file, enter:# vi /etc/lighttpd/lighttpd.conf
WARNING! mod_extforward is included in lighttpd 1.4.14 and later.server.modules = (
"mod_redirect",
"mod_alias",
"mod_rewrite",
"mod_expire",
"mod_access",
"mod_auth",
"mod_status",
"mod_fastcgi",
"mod_secdownload",
"mod_accesslog",
"mod_compress",
### add mod_extforward ####
"mod_extforward"
)
Add Your Proxy Server / Revers Proxy Load Balancer IPs
Add your nginx based reverse proxy ips (LB's IPs) such as 10.10.28.5 and 10.10.28.6:Save and close the file.
extforward.forwarder = (
"10.10.28.5" => "trust",
"10.10.28.6" => "trust"
)
How Do I Set Client's Custom IP Headers?
You can also set headers to search for finding the client's original IP addresses using the following syntax:extforward.headers = ("X-Cluster-Client-Ip")OR
extforward.headers = ("X-Real-Ip")
Restart Lighttpd
Finally, restart the lighttpd web server, enter:# service lighttpd restartYou can view access log using tail command:
# tail -f /var/log/lighttpd/access.log
No comments:
Post a Comment