This email is to be read subject to the disclaimer below.
Barry,
We are using a Cisco load balancer and the client IP addresses come up
right. Try looking at the way NAT is configured on the load balancer. It
shouldn't be changing addresses both ways.
Consider this example (I hope the ASCII graphic will come out right):
Your load balancer listens to requests on 22.22.22.22 so this will appear
to the world as your website's IP address. Additionally the load balancer
also has an internal IP of 10.0.0.1.
Your web server cluster have addresses from 10.0.0.2 to 10.0.0.254.
Your load balancer sits between the internet and the LAN all your
webservers are on and is the default gateway for that network. This enables
it to intercept all incoming and outgoing traffic between the servers and
the internet.
An user connects to your site from the address 12.34.56.78
Then the load balancer will pick one of your webserver's (private) IP
address, 10.0.0.2 and send the request through it. It has no reason to
change the client's original IP address, 12.34.56.78 so it should be left
unmodified. Your problem comes from the fact that the load balancer changes
this address where it shouldn't.
Then the webserver will respond to the request. The response will have the
client's IP address (12.34.56.78) as destination and 10.0.0.2 as the
source address.
Finally the load balancer replaces the web server's source address,
10.0.0.2 with its own external IP address, 22.22.22.22 to make the response
appear to have come from it and sends the packet on its way.
Internet LAN
Source Destination Source Destination
12.34.56.78 22.22.22.22 -> +--------+ -> 12.34.56.78 10.0.0.2
|Load |
22.22.22.22 12.34.56.78 <- |Balancer| <- 10.0.0.2 12.34.56.78
+--------+
Your configuration should be similar to the above. Let me know if there are
significant differences. Most importantly you should check the
configuration of the Load Balancer. It shouldn't be changing the client
address at all.
Cheers
Vik
---------------------
Viktor Radnai
Web Developer, National E-Commerce, Ernst & Young
Direct: +61 2 9248 4361
"Barry Moore"
<[EMAIL PROTECTED]> To: "CFAussie Mailing
List" <[EMAIL PROTECTED]>
Sent by: cc:
[EMAIL PROTECTED] Subject: [cfaussie]
logging question
mon.com.au
24/01/2003 09:02 AM
Please respond to "CFAussie
Mailing List"
We have a couple CFMX/Linux?Apache boxes setting behind a load balancer.
When we view our log information through our stats package it shows all
requests as coming from the load balancer (due to the NAT on the load
balancer). Consequently, the stats are not accurate because they see all
traffic as coming from one user. The source IP address of the request has
to be there somewhere or the response would never make it back to the
client who requested it.
Does anybody know enough about Apache logging to help us figure out how to
log the client IP address?
Barry
---
You are currently subscribed to cfaussie as:
[EMAIL PROTECTED]
To unsubscribe send a blank email to
[EMAIL PROTECTED]
MX Downunder AsiaPac DevCon - http://mxdu.com/
--------------------
NOTICE - This communication contains information which is confidential and
the copyright of Ernst & Young or a third party.
If you are not the intended recipient of this communication please delete
and destroy all copies and telephone Ernst & Young on 1800 655 717
immediately. If you are the intended recipient of this communication you
should not copy, disclose or distribute this communication without the
authority of Ernst & Young.
Any views expressed in this Communication are those of the individual
sender, except where the sender specifically states them to be the views of
Ernst & Young.
Except as required at law, Ernst & Young does not represent, warrant and/or
guarantee that the integrity of this communication has been maintained nor
that the communication is free of errors, virus, interception or
interference.
Liability limited by the Accountants Scheme, approved under the
Professional Standards Act 1994 (NSW)
--------------------
---
You are currently subscribed to cfaussie as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MX Downunder AsiaPac DevCon - http://mxdu.com/
