-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phillip Hutchings wrote: | On Mon, 21 Mar 2005 12:40:48 -0000 (GMT), Robert (Jamie) Munro | <jamie@textmatters.com> wrote: | |>Is it possible to get zope's access log (Z2.log) to log the IP address of |>the original client, rather than that of the proxy when the proxy is |>listed as a trusted-proxy. Currently, my log files have all clients as |>127.0.0.1, which isn't very helpful when analysing the logs. | | | No, because the proxy initialises a new connection to the Zope server, | so the connection to Zope actually does come from 127.0.0.1, not the | client. Get your proxy to log, it's easier. Actually, there is a configuration option which tells Zope to trust the "X-Forwarded-For" header from particular proxies: # Directive: trusted-proxy # # Description: # Define one or more 'trusted-proxies' directives, each of which is a # hostname or an IP address. The set of definitions comprises a list # of front-end proxies that are trusted to supply an accurate # X-Forwarded-For header to Zope. If a connection comes from # a trusted proxy, Zope will trust any X-Forwarded header to contain # the user's real IP address for the purposes of address-based # authentication restriction. # # Default: unset # # Example: # # trusted-proxy www.example.com # trusted-proxy 192.168.1.1 I don't know whether that setting has any effect on the address used by the access log, however. Tres. - -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCP0HTGqWXf00rNCgRAqpYAJ9rjMlyjMhYzkaXlhA2eWGiYvf41ACgn4k7 P9W+du/+e2kP0zY6Bnoh9WE= =kZeq -----END PGP SIGNATURE-----