[Zope] Re: Access log & trusted proxy

Tres Seaver tseaver at zope.com
Tue Mar 22 10:16:50 EST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert (Jamie) Munro wrote:

| Tres Seaver wrote:
|>Actually, there is a configuration option which tells Zope to trust the
|
| "X-Forwarded-For" header from particular proxies:
|
|># Directive: trusted-proxy
|
| [snip details]
|
|> I don't know whether that setting has any effect on the address
|> used by the access log, however.
|
| I know that - I even mentioned it in my post, and it doesn't affect what
| is used in the access log. I think it should, or at least configurably
| should.

Sorry, I was trying to correct an impression from Phillip's post.

| I can't find any documentation on what you can put in the log's
| "format" directive apart from %(message)s, but this would seem to be the
| place to put it.
|
| Getting apache to log works well, but we are using squid for a proxy, and
| getting it to log is not so easy - at least not if you want the extra
| things in the detailed logs like reffering pages, browser types and user
| names.

Squid supports the "common" log format, as well as user-defined log
format strings (in 2.5.x):

~  http://devel.squid-cache.org/customlog/

| As there didn't seem to be any existing solutions we've had a look at
| zope's internals, and made a patch that logs the last address from the
| x-forwarded-for header, rather than the IP address of the proxy where
| available. I've attached it to this message. As zope is deployed behind a
| proxy probably 99% of the time, it seems like a good way to work. I've
| attached the patch below.

Could you open a collector issue, and upload your patch, so that it
doesn't get lost in the sea of mail?

~  http://www.zope.org/Collectors/Zope

Thanks!

Tres.
- --
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCQDbiGqWXf00rNCgRAkQWAJ97Tn9eAZdhAjRblB1Sreh6HN74bQCfa/b4
46IeVrnh782JqtGjWL7Ykos=
=E+SL
-----END PGP SIGNATURE-----

More information about the Zope mailing list