Logging client IPs to Z2.log
Hi there, First up: Python 2.4.2 Zope 2.9.4 I'm a relative Zope newbie so please forgive my ignorance but I have not been able to find an answer anywhere else. AFAIK there are a couple of options for running Zope behind Apache - PCGI/FCGI or mod_proxy. It seems PCGI/FCGI is deprecated in later versions and mod_proxy is recommended. However, when running Zope behind mod_proxy all of the requests to Zope naturally come from the webserver (in this case running on the same machine) hence all entries in Z2.log are prefixed by a client address of 127.0.0.1. I have the following options turned on: trusted-proxy 127.0.0.1 (in zope/etc/zope.conf) ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyVia On (in the vhost config in apache) The trusted-proxy parameter seems to related to the X-Forwarded-For header which doesn't appear to be dealt with by Apache. It would seem that neither Apache nor Zope can communicate the client's IP by the methods I have used, as Z2.log still contains 127.0.0.1 for every request. So... is it at all possible to log the real client IPs in Z2.log using mod_proxy? If not what is going to happen when (and if) PCGI/FCGI support is removed? -- Regards, Oliver
--On 17. August 2006 00:26:25 +1000 Oliver Hookins <oliver.hookins@anchor.com.au> wrote:
Hi there,
First up: Python 2.4.2 Zope 2.9.4
I'm a relative Zope newbie so please forgive my ignorance but I have not been able to find an answer anywhere else. AFAIK there are a couple of options for running Zope behind Apache - PCGI/FCGI or mod_proxy. It seems PCGI/FCGI is deprecated in later versions and mod_proxy is recommended.
You can also look inside the logs of your Apache for the IP addresses?! -aj
Quoting Andreas Jung <lists@zopyx.com>:
--On 17. August 2006 00:26:25 +1000 Oliver Hookins <oliver.hookins@anchor.com.au> wrote:
Hi there,
First up: Python 2.4.2 Zope 2.9.4
I'm a relative Zope newbie so please forgive my ignorance but I have not been able to find an answer anywhere else. AFAIK there are a couple of options for running Zope behind Apache - PCGI/FCGI or mod_proxy. It seems PCGI/FCGI is deprecated in later versions and mod_proxy is recommended.
You can also look inside the logs of your Apache for the IP addresses?!
That's not always possible in our virtual hosting environment, and besides it makes no sense to have to look in two different places for the same information. -- Regards, Oliver
----- Original Message ----- From: "Oliver Hookins" <oliver.hookins@anchor.com.au> To: <zope@zope.org> Sent: Wednesday, August 16, 2006 10:26 AM Subject: [Zope] Logging client IPs to Z2.log
Hi there,
First up: Python 2.4.2 Zope 2.9.4
I'm a relative Zope newbie so please forgive my ignorance but I have not been able to find an answer anywhere else. AFAIK there are a couple of options for running Zope behind Apache - PCGI/FCGI or mod_proxy. It seems PCGI/FCGI is deprecated in later versions and mod_proxy is recommended.
However, when running Zope behind mod_proxy all of the requests to Zope naturally come from the webserver (in this case running on the same machine) hence all entries in Z2.log are prefixed by a client address of 127.0.0.1.
I have the following options turned on: trusted-proxy 127.0.0.1 (in zope/etc/zope.conf)
ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyVia On (in the vhost config in apache)
The trusted-proxy parameter seems to related to the X-Forwarded-For header which doesn't appear to be dealt with by Apache. It would seem that neither Apache nor Zope can communicate the client's IP by the methods I have used, as Z2.log still contains 127.0.0.1 for every request.
So... is it at all possible to log the real client IPs in Z2.log using mod_proxy? If not what is going to happen when (and if) PCGI/FCGI support is removed?
It may be that you need to reconfigure apache, have a look at the apache docs: http://httpd.apache.org/docs/2.0/mod/mod_proxy.html Jonathan
Quoting Jonathan <dev101@magma.ca>:
----- Original Message ----- From: "Oliver Hookins" <oliver.hookins@anchor.com.au> To: <zope@zope.org> Sent: Wednesday, August 16, 2006 10:26 AM Subject: [Zope] Logging client IPs to Z2.log
Hi there,
First up: Python 2.4.2 Zope 2.9.4
I'm a relative Zope newbie so please forgive my ignorance but I have not been able to find an answer anywhere else. AFAIK there are a couple of options
for running Zope behind Apache - PCGI/FCGI or mod_proxy. It seems PCGI/FCGI is deprecated in later versions and mod_proxy is recommended.
However, when running Zope behind mod_proxy all of the requests to Zope naturally come from the webserver (in this case running on the same machine) hence all entries in Z2.log are prefixed by a client address of 127.0.0.1.
I have the following options turned on: trusted-proxy 127.0.0.1 (in zope/etc/zope.conf)
ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyVia On (in the vhost config in apache)
The trusted-proxy parameter seems to related to the X-Forwarded-For header
which doesn't appear to be dealt with by Apache. It would seem that neither Apache nor Zope can communicate the client's IP by the methods I have used, as Z2.log
still contains 127.0.0.1 for every request.
So... is it at all possible to log the real client IPs in Z2.log using mod_proxy? If not what is going to happen when (and if) PCGI/FCGI support
is removed?
It may be that you need to reconfigure apache, have a look at the apache docs:
What do you mean by reconfigure? If the directives I have used weren't supported then httpd would have complained on restart. This is clearly not the problem. Surely I'm not the only one who has run into this issue, or is everyone else steadfastly sticking to ZServer or PCGI/FCGI? -- Regards, Oliver
Hi Oliver, Oliver Hookins wrote:
So... is it at all possible to log the real client IPs in Z2.log using mod_proxy? If not what is going to happen when (and if) PCGI/FCGI support is removed?
FCGI is already unsupported,
It may be that you need to reconfigure apache, have a look at the apache docs:
What do you mean by reconfigure? If the directives I have used weren't supported then httpd would have complained on restart. This is clearly not the problem.
Not necessarily - Jonathan may have been suggesting that Apache can do things /differently/, as opposed to that it is /wrongly/ configured.
Surely I'm not the only one who has run into this issue, or is everyone else steadfastly sticking to ZServer or PCGI/FCGI?
I have exactly that issue, and I recommend that you consider Apache to be the web server and Zope the application server, and that logging client IPs is the web server's job. Very few people use PCGI/FCGI (less all the time), most run Zope behind Apache. -- Regards, PhilK "Human language continually changes, innit." - Stephen Juan
----- Original Message ----- From: "Philip Kilner" <phil@xfr.co.uk> To: "Oliver Hookins" <oliver.hookins@anchor.com.au> Cc: "Jonathan" <dev101@magma.ca>; <zope@zope.org> Sent: Wednesday, August 16, 2006 11:02 AM Subject: Re: [Zope] Logging client IPs to Z2.log
Hi Oliver,
Oliver Hookins wrote:
So... is it at all possible to log the real client IPs in Z2.log using mod_proxy? If not what is going to happen when (and if) PCGI/FCGI support is removed?
FCGI is already unsupported,
It may be that you need to reconfigure apache, have a look at the apache docs:
What do you mean by reconfigure? If the directives I have used weren't supported then httpd would have complained on restart. This is clearly not the problem.
Not necessarily - Jonathan may have been suggesting that Apache can do things /differently/, as opposed to that it is /wrongly/ configured.
Exactly. Instead of using apache as a reverse proxy, set up rewrite rules and then you can pass along the ip address (if you really need it). Jonathan
Quoting Jonathan <dev101@magma.ca>:
----- Original Message ----- From: "Philip Kilner" <phil@xfr.co.uk> To: "Oliver Hookins" <oliver.hookins@anchor.com.au> Cc: "Jonathan" <dev101@magma.ca>; <zope@zope.org> Sent: Wednesday, August 16, 2006 11:02 AM Subject: Re: [Zope] Logging client IPs to Z2.log
Hi Oliver,
Oliver Hookins wrote:
So... is it at all possible to log the real client IPs in Z2.log using mod_proxy? If not what is going to happen when (and if) PCGI/FCGI support is removed?
FCGI is already unsupported,
It may be that you need to reconfigure apache, have a look at the apache docs:
What do you mean by reconfigure? If the directives I have used weren't supported then httpd would have complained on restart. This is clearly not the problem.
Not necessarily - Jonathan may have been suggesting that Apache can do things /differently/, as opposed to that it is /wrongly/ configured.
Exactly. Instead of using apache as a reverse proxy, set up rewrite rules and then you can pass along the ip address (if you really need it).
Jonathan
Hmmm sounds like what I suspected is actually true... well at least I won't spend time bashing my head against a wall. Thanks for all your (very speedy) help everyone! -- Regards, Oliver
Hi Oliver, Oliver Hookins wrote:
Exactly. Instead of using apache as a reverse proxy, set up rewrite rules and then you can pass along the ip address (if you really need it).
...[snip]...
Hmmm sounds like what I suspected is actually true... well at least I won't spend time bashing my head against a wall. Thanks for all your (very speedy) help everyone!
I'd missed that you were using the reverse proxy technique - I'd strongly recommend rewrite rules. HTH -- Regards, PhilK "Human language continually changes, innit." - Stephen Juan
Quoting Philip Kilner <phil@xfr.co.uk>:
Hi Oliver,
Oliver Hookins wrote:
Exactly. Instead of using apache as a reverse proxy, set up rewrite rules
and then you can pass along the ip address (if you really need it).
...[snip]...
Hmmm sounds like what I suspected is actually true... well at least I won't spend time bashing my head against a wall. Thanks for all your (very speedy) help everyone!
I'd missed that you were using the reverse proxy technique - I'd strongly recommend rewrite rules.
Without meaning to be greedy, can you suggest an example? -- Regards, Oliver Hookins Anchor Systems
----- Original Message ----- From: "Oliver Hookins" <oliver.hookins@anchor.com.au> To: <phil@xfr.co.uk> Cc: "Jonathan" <dev101@magma.ca>; <zope@zope.org> Sent: Wednesday, August 16, 2006 12:23 PM Subject: Re: [Zope] Logging client IPs to Z2.log
Quoting Philip Kilner <phil@xfr.co.uk>:
Hi Oliver,
Oliver Hookins wrote:
Exactly. Instead of using apache as a reverse proxy, set up rewrite rules
and then you can pass along the ip address (if you really need it).
...[snip]...
Hmmm sounds like what I suspected is actually true... well at least I won't spend time bashing my head against a wall. Thanks for all your (very speedy) help everyone!
I'd missed that you were using the reverse proxy technique - I'd strongly recommend rewrite rules.
Without meaning to be greedy, can you suggest an example?
There is a chapter on this in the zope book (v2.6) - look for "Virtual Hosting Services" Jonathan
Hi Oliver, Oliver Hookins wrote:
I'd missed that you were using the reverse proxy technique - I'd strongly recommend rewrite rules.
Without meaning to be greedy, can you suggest an example?
As Jonathan says, the Zope book has examples. The most recent version I'm aware of is at: - http://www.plope.com/Books/2_7Edition/VirtualHosting.stx The "Rewrite Rules Witch" is a handy resource, too: - http://www.betabug.ch/zope/witch/ HTH! -- Regards, PhilK "Human language continually changes, innit." - Stephen Juan
participants (4)
-
Andreas Jung -
Jonathan -
Oliver Hookins -
Philip Kilner