On Tue, Sep 25, 2012 at 11:05 PM, Willy Tarreau <[email protected]> wrote:
> Hi Scott,
[snip]
> There was a bug more or less related to this in 1.5-dev11, what's your
> version? The bug was not exactly the same, though log format was changed
> and possibly disabled in some conditions.
1.4.16 currently
>> now the question: is there a method to log (as you can see I'm
>> attempting above) multiple cookies in log output?
>
> Right now, either you use "capture cookie" which logs exactly one cookie
> in both requests and responses (almost useless, was developed to track
> an application bug which was causing session crossing by sending a wrong
> cookie in some responses), or you can use "capture request header" and
> log the full Cookie header, but be careful, this can be large sometimes.
>
>> what about arbitrary cookie names?
>
> There is no such thing right now, though it should not be terribly
> difficult to implement since we already have the fetch functions for
> cookies.
if I "capture request header Cookie" and multiple cookies are passed,
will I get only the first instance of the last unique cookie value (as
with "capture request header X-Forwarded-For") or will I get all
cookies?
> So in practice, if your visitors pass through a chain of squids which
> each set an XFF header, you'll get the whole chain. The only issue you'll
> get is if some of the last proxies add a line of their own (as haproxy
> does), in which case you'll only get this line. But quite frankly, this
> is not common at all. And if you pass through some proxies in your
> infrastructures, most often they fold them again.
what I'm seeing right now is that Apache (final destination for the
requests I'm trying to log) outputs in its access_log a chain of XFFs
with 3-4 IPs per HTTP request, but haproxy emits only the last IP in
the XFF chain to syslog when using "capture request header
X-Forwarded-For len 63" (again, with haproxy-1.4.16)
thanks Willy - I was told that you monitored the list closely and were
quick on the replies; nice to see that reputation was well-deserved.
--
Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527
Less and less is done
until non-action is achieved
when nothing is done, nothing is left undone.
-- the Tao of Sysadmin
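
The capture behaviour discussed in this thread, as an added example (not code from either poster or from haproxy): a small Python model of a last-line capture such as "capture request header X-Forwarded-For len 63", compared with the full chain a backend access log sees, plus the effect of the length limit on a captured Cookie header. The request, addresses, cookie values and function names are constructed for illustration, and right-truncation to the configured length is an assumption of the model.

```python
# Constructed sample request (documentation address ranges); the last
# X-Forwarded-For line stands in for one added by the final proxy.
RAW_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "X-Forwarded-For: 203.0.113.7, 198.51.100.20\r\n"
    "Cookie: JSESSIONID=abc123; lang=en; theme=dark\r\n"
    "X-Forwarded-For: 192.0.2.10\r\n"
    "\r\n"
)

def header_lines(raw, name):
    """Values of every line of header `name`, in request order."""
    values = []
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:
            break                            # blank line ends the headers
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def capture_last(raw, name, length):
    """Model of a capture that keeps only the last line, cut to `length`."""
    values = header_lines(raw, name)
    return values[-1][:length] if values else None

def full_chain(raw, name):
    """Every list element from every line: the view the backend log has."""
    return [e.strip() for v in header_lines(raw, name)
            for e in v.split(",") if e.strip()]

def missing_from_capture(raw, name, length):
    """Chain elements that never reach the log of the capturing proxy."""
    captured = capture_last(raw, name, length) or ""
    logged = {e.strip() for e in captured.split(",")}
    return [e for e in full_chain(raw, name) if e not in logged]

def intact_cookies(raw, length):
    """Names of cookies whose name=value pair survives truncation whole."""
    sent = [p.strip() for v in header_lines(raw, "Cookie") for p in v.split(";")]
    captured = capture_last(raw, "Cookie", length) or ""
    kept = {p.strip() for p in captured.split(";")}
    return [p.split("=", 1)[0] for p in sent if p in kept]

if __name__ == "__main__":
    print(capture_last(RAW_REQUEST, "X-Forwarded-For", 63))
    print(missing_from_capture(RAW_REQUEST, "X-Forwarded-For", 63))
    print(intact_cookies(RAW_REQUEST, 63), intact_cookies(RAW_REQUEST, 20))
```

When the proxy log is the record used to attribute a request to a client, the output of `missing_from_capture` is the part of the chain that only the backend log retains.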