On 24 Jan 2013, at 20:02, Stefan Fritsch <[email protected]> wrote: > The problem seems to be ap_get_remote_host() which is used by the %h > used in the default access log format. But resolving an IP address > that came via X-Forwarded-For does not make any sense anyway, because > the server's view of DNS may be different than the proxy's view. > > If you use %a instead of %h, that should do the right thing. There is > also a "%{c}a" to get the proxy's IP. > > That's rather confusing. Any opionions if the behavior should be > changed or if this should be fixed by documentation?
As soon as you enable mod_remoteip, you are in the world of proxies and load balancers, and by definition you have at least two ip addresses, the address of the load balancer, and the address of the host beyond the load balancer. It is up to the administrator to decide which IP address they want to log, the load balancer IP, or the IP of the host beyond. We currently offer that option based on the principal of least surprise, to log the downstream host IP address, as it is the address that the AAA subsystem probably cares about the most. It is also up to third party module authors to properly handle the two IPs, and offer the end user sensible behaviour. Load balancers are a first class concept properly recognized by httpd in 2.4, and is no longer the "request hacks the parent connection" that was going on before. Regards, Graham --
