[Zope] Re: Access log & trusted proxy

[Tres Seaver]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Phillip Hutchings wrote:
| On Mon, 21 Mar 2005 12:40:48 -0000 (GMT), Robert (Jamie) Munro
| <jamie at textmatters.com> wrote:
|
|>Is it possible to get zope's access log (Z2.log) to log the IP address of
|>the original client, rather than that of the proxy when the proxy is
|>listed as a trusted-proxy. Currently, my log files have all clients as
|>127.0.0.1, which isn't very helpful when analysing the logs.
|
|
| No, because the proxy initialises a new connection to the Zope server,
| so the connection to Zope actually does come from 127.0.0.1, not the
| client. Get your proxy to log, it's easier.

Actually, there is a configuration option which tells Zope to trust the
"X-Forwarded-For" header from particular proxies:

# Directive: trusted-proxy
#
# Description:
#  Define one or more 'trusted-proxies' directives, each of which is a
#  hostname or an IP address.  The set of definitions comprises a list
#  of front-end proxies that are trusted to supply an accurate
#  X-Forwarded-For header to Zope.  If a connection comes from
#  a trusted proxy, Zope will trust any X-Forwarded header to contain
#  the user's real IP address for the purposes of address-based
#  authentication restriction.
#
# Default: unset
#
# Example:
#
#    trusted-proxy www.example.com
#    trusted-proxy 192.168.1.1


I don't know whether that setting has any effect on the address used by
the access log, however.

Tres.
- --
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCP0HTGqWXf00rNCgRAqpYAJ9rjMlyjMhYzkaXlhA2eWGiYvf41ACgn4k7
P9W+du/+e2kP0zY6Bnoh9WE=
=kZeq
-----END PGP SIGNATURE-----