Extended X-Forwarded-For Logging with Apache

I ran into a problem this week trying to generate Webtrends Reporting Data for the Apache web servers located behind our Load Balancer. Since the Load Balancer is acting as a proxy, the Load Balancer IP was the only host IP being recorded in the logs. This makes it impossible to get accurate Webtrends Reporting. I found two solutions to this problem. Both rely on the �X-Forwarded-For� http header.

mod_extract_forwarded Apache Module

The website for the module says:

mod_extract_forwarded is designed to transparently modify a connection so
that it looks like it came from the IP behind a proxy server rather than
the proxy itself. This affects all subsequent stages of request processing
including access control, logging, and CGIs. It relies on the
“X-Forwarded-For” header to do this. This header should be added by all
well-behaved proxies. If the proxy doesn’t add it, we can’t do anything
about it.

I decided against using this solution because I didn’t really want to load a 0.1 version module on a production Apache server.

Modifying the Apache LogFormat Directive

I modified the LogFormat directive in httpd.conf by replacing %h with %{X-Forwarded-For}i. An example is below.

#LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined

This causes the IP of the remote client to be written to the logs instead of the Proxy IP. It was easier to implement than the mod_extract_forwarded Apache module and solved my problem without adding additional risk to the production servers.

Comments are closed.