Wednesday Nov 19, 2008

WebServer can log the end client browser's ssl capabilities in the log file

This is pretty nifty....

Apparently, the Sun WebServer can log what the end client browser's encryption capabilities.  The information is picked up during the SSL Handshake.

The %Ses->client.secret-keysize% logs the browsers encryption capablity in the access log.  This would be added to the format line of the access log (its the top line).


Friday Nov 14, 2008

How to extract and log client IP addresses to SUN WebServer when requests forward through a proxy server.

A question arose with a client site in which they wanted to know how
they could extract and log the client ip when the request forwards 
through a reverse proxy.

The situation looked liked this:

Client ------------> Reverse Proxy ------------> Web Server
Client <------------ Reverse Proxy <----------- Web Server

In order to find the IP address of the original client, they wanted to capture the
"X-Forwarded-For" header in web server access log and error log.

The way to do this is by using the custom log format available on the Sun WebServer.

If the reverse proxy is adding:

X-Forwarded-For: header to the request, the Web Server can be configured
to log that header field by adding %Req->headers.x-forwarded-for% to the access log format. 
(Note that the Web Server doesn't add an X-Forwarded-For: header when it reverse proxies requests. 
It does, however, add a Proxy-ip: header).

About

Gregory Bedigian

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today