Hi,

In the deep past, the Z2 logger was changed directly in the Python source code.

Today I use the Pound logs with grep.

Regards, JL.

  ----- Original Message ----- 
  From: Bashar
  To: [email protected]
  Sent: February 19, 2012 19:10
  Subject: Re: [Pound Mailing List] user IP


  On Sun, Feb 19, 2012 at 7:26 PM, Heiko Schlittermann <[email protected]> wrote:

    Bashar <[email protected]> (So 19 Feb 2012 14:22:21 CET):

    > Hello,
    > We're using Pound as a front for Zope and in Z2.log it shows the main IP of
    > Pound that forwards traffic.
    >
    > I wish to use the Domains feature under acl_users in Zope to restrict
    > access for managers (the /manage). So how can I change/tweak it where Zope
    > can see the real user IP for using it in Domains option for managers?


    As Pound acts as a proxy on the application protocol layer, Zope will
    see connections originating from the Pound proxy only.

    But - Pound sets the X-Forwarded-For HTTP-Header.

       GET /test/index.html HTTP/1.0
       User-Agent: Wget/1.12 (linux-gnu)
       Accept: */*
       Host: ssl.schlittermann.de
       X-SSL-cipher: DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA Enc=AES(256)  Mac=SHA1
       X-Forwarded-For: 88.73.219.244

    But - you should read about X-Forwarded-For and possibilities of its
    abuse and about its contents in face of proxy chains.

    I do not know anything about Zope, but probably you can have it trust
    the X-Forwarded-For headers and apply its ACLs on the base of these
    headers.



  The weird thing is I don't see the X-Forwarded-For HTTP header anywhere in Z2.log; I see something like this:
  111.222.333.444 - bashar [19/Feb/2012:20:24:19 +0300] "GET /html/admin HTTP/1.1" 200 5636 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1"

  I remember X-Forwarded requests in Nginx sit at the end of the log entries, but that is not the case in this log. Could it be that I'm using a very old Pound that didn't have this feature? pound -V shows 2.1.3

  Thanks,
  -- 
  Bashar
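
The caveat in Heiko's reply about X-Forwarded-For abuse and proxy chains, as an added example (not code from this thread, from Pound or from Zope): a backend-side check that believes the header only when the connection comes from its own proxy, and reads the chain from the right. The proxy address, the manager network and the assumption that the proxy appends the connecting address as the last entry are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread):
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]   # the Pound host
MANAGER_NETS = [ipaddress.ip_network("192.0.2.0/24")]     # where managers sit


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def client_ip(peer, xff):
    """Pick the address to apply ACLs to, or None if the header is malformed.

    peer: TCP peer address the backend sees; xff: raw X-Forwarded-For value.
    """
    current = ipaddress.ip_address(peer)
    # A header arriving from anything but our proxy is client-controlled.
    if not xff or not _in_any(current, TRUSTED_PROXIES):
        return current
    # Walk right to left: a trusted hop vouches only for the entry it appended.
    for raw in reversed(xff.split(",")):
        try:
            current = ipaddress.ip_address(raw.strip())
        except ValueError:
            return None  # garbage in the chain: caller should deny
        if not _in_any(current, TRUSTED_PROXIES):
            break  # first address not vouched for by our own proxies
    return current


def manage_allowed(peer, xff):
    """Decide access to the management area from the derived client address."""
    ip = client_ip(peer, xff)
    return ip is not None and _in_any(ip, MANAGER_NETS)


if __name__ == "__main__":
    # A client at 198.51.100.7 pre-fills the header with a manager address;
    # the proxy appends the real one, so the rightmost entry decides.
    print(manage_allowed("10.0.0.5", "192.0.2.10, 198.51.100.7"))  # False
    print(manage_allowed("10.0.0.5", "192.0.2.10"))                # True
```

Taking the leftmost entry instead would let any client choose the address the ACL sees.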
