squid后面的lighttpd日志记录用户ip的方法

默认在lighttpd的accesslog里面无法记录透过squid或者apache的mod_proxy过来的用户ip地址,全都会记录到squid或者apache机器的ip地址,但是httpd头里面的用户ip其实是发送到lighttpd的,可以通过修改accesslog.format来达到目的,下面是我的格式,跟combined兼容:

accesslog.format  = "%{X-Forwarded-For}i %v %u %t \"%r\" %s %b  \"%{User-Agent}i\" \"%{Referer}i\""

其中”%{X-Forwarded-For}i 就是记录了用户来源的ip地址

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
7 Responses
  1. 喜欢BSD says:

    不错的小经验,感谢楼主!

  2. flying says:

    如果是一层以上代理可怎么办呀?

  3. flying says:

    或者,如果是cdn服务器,既有通过squid过来的访问,也有直接从用户过来的访问,可怎么弄啊

  4. Michael says:

    [Comment ID #18069 Will Be Quoted Here]

    这样的情况下,基本上都是收集squid的日志进行统计分析,而不是分析后端日志了。

  5. suchasplus says:

    呵呵
    楼主的方法不错
    不过还有一个官方方法,不需要修改accesslog.format
    启用mod_extforward即可
    mod_extforward – extract the client’s “real” IP from X-Forwarded-For header
    http://redmine.lighttpd.net/wiki/lighttpd/Docs#Options-for-mod_extforward-extract-the-clients-real-IP-from-X-Forwarded-For-header
    btw:lighttpd什么时候抛弃trac了???

  6. suchasplus says:

    [Comment ID #30234 Will Be Quoted Here]
    严格来说, X-Forwarded-For header的值不能完全信任..Lighttpd的extforword可以限定来源地址,对非信任地址直接记录成127.0.0.1
    当初测试端口转发的时候发现sina的后端apache都限定了来源地址,必须从前端squid走

  7. Michael says:

    谢谢,说得很好 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image