[Zope] Re: Access log & trusted proxy

Robert (Jamie) Munro jamie at textmatters.com
Tue Mar 22 09:06:00 EST 2005


> Phillip Hutchings wrote:
> | On Mon, 21 Mar 2005 12:40:48 -0000 (GMT), Robert (Jamie) Munro
> | <jamie at textmatters.com> wrote:
> |
> |>Is it possible to get zope's access log (Z2.log) to log the IP address of
> |>the original client, rather than that of the proxy when the proxy is
> |>listed as a trusted-proxy. Currently, my log files have all clients as
> |>127.0.0.1, which isn't very helpful when analysing the logs.
> |
> |
> | No, because the proxy initialises a new connection to the Zope server,
> | so the connection to Zope actually does come from 127.0.0.1, not the
> | client. Get your proxy to log, it's easier.
>
> Actually, there is a configuration option which tells Zope to trust the
> "X-Forwarded-For" header from particular proxies:
>
> # Directive: trusted-proxy

[snip details]

> I don't know whether that setting has any effect on the address used by
> the access log, however.

I know that - I even mentioned it in my post, and it doesn't affect what
is used in the access log. I think it should, or at least configurably
should. I can't find any documentation on what you can put in the log's
"format" directive apart from %(message)s, but this would seem to be the
place to put it.

Getting apache to log works well, but we are using squid for a proxy, and
getting it to log is not so easy - at least not if you want the extra
things in the detailed logs like referring pages, browser types and user
names.

As there didn't seem to be any existing solutions we've had a look at
zope's internals, and made a patch that logs the last address from the
x-forwarded-for header, rather than the IP address of the proxy where
available. I've attached it to this message. As zope is deployed behind a
proxy probably 99% of the time, it seems like a good way to work. I've
attached the patch below.

Robert (Jamie) Munro

-------------- next part --------------
A non-text attachment was scrubbed...
Name: zope-proxy-log.patch
Type: application/octet-stream
Size: 819 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20050322/7a2d175b/zope-proxy-log.obj
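
The address selection discussed in this message, as an added stand-alone example (it is not the attached patch, whose contents are not shown in the archive, and it is not Zope code). It generalizes "last address from X-Forwarded-For" to a chain of trusted proxies by walking the header right to left; `client_address_for_log`, `TRUSTED_PROXIES` and the sample requests are hypothetical names and constructed values.

```python
import ipaddress

# Assumption: mirrors the addresses listed under trusted-proxy in zope.conf.
TRUSTED_PROXIES = frozenset({"127.0.0.1"})


def _parse_ip(text):
    """Return the normalised IP string, or None if text is not an IP literal."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def client_address_for_log(peer_addr, headers, trusted=TRUSTED_PROXIES):
    """Pick the address to write to the access log (hypothetical helper)."""
    # The header is only believed when the TCP peer itself is a trusted proxy;
    # otherwise any client could choose the address that gets logged.
    if peer_addr not in trusted:
        return peer_addr
    lowered = {k.lower(): v for k, v in headers.items()}
    hops = [h for h in lowered.get("x-forwarded-for", "").split(",") if h.strip()]
    # Each proxy appends the address it saw, so the rightmost entries are the
    # ones written by trusted hops. Entries further left are client-supplied.
    for hop in reversed(hops):
        addr = _parse_ip(hop)
        if addr is None:
            # Not an IP literal: never copy it into the log, fall back to peer.
            return peer_addr
        if addr not in trusted:
            return addr
    return peer_addr


# Constructed sample requests: (TCP peer, request headers).
SAMPLES = [
    ("127.0.0.1", {"X-Forwarded-For": "203.0.113.7"}),
    ("127.0.0.1", {"X-Forwarded-For": "1.2.3.4, 203.0.113.7"}),
    ("198.51.100.9", {"X-Forwarded-For": "10.0.0.1"}),
    ("127.0.0.1", {"X-Forwarded-For": '203.0.113.7, x" 200 0'}),
    ("127.0.0.1", {}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, hdrs, "->", client_address_for_log(peer, hdrs))
```
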

