squid后面的lighttpd日志记录用户ip的方法

By
08
Jan 2007

默认在lighttpd的accesslog里面无法记录透过squid或者apache的mod_proxy过来的用户ip地址,全都会记录到squid或者apache机器的ip地址,但是httpd头里面的用户ip其实是发送到lighttpd的,可以通过修改accesslog.format来达到目的,下面是我的格式,跟combined兼容:

[coolcode]
accesslog.format = “%{X-Forwarded-For}i %v %u %t \”%r\” %s %b \”%{User-Agent}i\” \”%{Referer}i\””
[/coolcode]

其中”%{X-Forwarded-For}i 就是记录了用户来源的ip地址

Category: Web架构/负载/性能  Tags: , , ,
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
7 Responses
  1. 喜欢BSD says:
    March 3, 2007 at 2:49 am  (Quote)

    不错的小经验,感谢楼主!

  2. flying says:
    August 27, 2007 at 10:54 am  (Quote)

    如果是一层以上代理可怎么办呀?

  3. flying says:
    August 27, 2007 at 10:55 am  (Quote)

    或者,如果是cdn服务器,既有通过squid过来的访问,也有直接从用户过来的访问,可怎么弄啊

  4. Michael says:
    August 27, 2007 at 11:54 am  (Quote)

    [Comment ID #18069 Will Be Quoted Here]

    这样的情况下,基本上都是收集squid的日志进行统计分析,而不是分析后端日志了。

  5. suchasplus says:
    October 15, 2008 at 4:02 pm  (Quote)

    呵呵
    楼主的方法不错
    不过还有一个官方方法,不需要修改accesslog.format
    启用mod_extforward即可
    mod_extforward – extract the client’s “real” IP from X-Forwarded-For header
    http://redmine.lighttpd.net/wiki/lighttpd/Docs#Options-for-mod_extforward-extract-the-clients-real-IP-from-X-Forwarded-For-header
    btw:lighttpd什么时候抛弃trac了???

  6. suchasplus says:
    October 15, 2008 at 4:13 pm  (Quote)

    [Comment ID #30234 Will Be Quoted Here]
    严格来说, X-Forwarded-For header的值不能完全信任..Lighttpd的extforword可以限定来源地址,对非信任地址直接记录成127.0.0.1
    当初测试端口转发的时候发现sina的后端apache都限定了来源地址,必须从前端squid走

  7. Michael says:
    October 16, 2008 at 7:25 am  (Quote)

    谢谢,说得很好 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image

«
»