Hi Yann
unfortunately that makes no difference.
It don't works even if I only try to block one ip-address like this: SetEnvIf
Remote_Addr "1\.2\.3\.1" wav
but the output is slighly different (see below)
LogFormat "%l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b
\"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/ssl_access_log" combined env=!forwarded
CustomLog "logs/ssl_access_log" proxy env=forwarded
SetEnvIf Remote_Addr "1\.2\.3\.1" wav
CustomLog "logs/ssl_access_log" proxy env=!waf
before (deny two ip's):
10.1.2.1 - - [06/Oct/2017:08:37:12 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.2 - - [06/Oct/2017:08:37:13 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.1 - - [06/Oct/2017:08:37:17 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.2 - - [06/Oct/2017:08:37:18 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.1 - - [06/Oct/2017:08:37:22 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.2 - - [06/Oct/2017:08:37:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
after (deny one ip):
10.1.2.1 - - [06/Oct/2017:08:37:32 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- 10.1.2.1 - - [06/Oct/2017:08:37:32 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.2 - - [06/Oct/2017:08:37:33 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- 10.1.2.2 - - [06/Oct/2017:08:37:33 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.1 - - [06/Oct/2017:08:37:37 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- 10.1.2.1 - - [06/Oct/2017:08:37:37 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
if I delete %h in the proxy definition I get:
10.1.2.2 - - [06/Oct/2017:08:45:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- - - [06/Oct/2017:08:45:23 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.1 - - [06/Oct/2017:08:45:27 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- - - [06/Oct/2017:08:45:27 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
10.1.2.22 - - [06/Oct/2017:08:45:28 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
- - - [06/Oct/2017:08:45:28 +0200] "HEAD / HTTP/1.0" 301 - "-" "-"
(one time the request ist logged with the ip and ontime without...:-( )
best
m
> Gesendet: Donnerstag, 05. Oktober 2017 um 17:16 Uhr
> Von: "Yann Ylavic" <[email protected]>
> An: [email protected]
> Betreff: Re: [users@httpd] X-Forward-For in ssl_access_log / apache behind WAF
>
> Hi,
>
> On Thu, Oct 5, 2017 at 11:11 AM, Morel Mosolff <[email protected]> wrote:
> >
> > #part 2:
> > SetEnvIf Remote_addr ("1\.2\.3\.1"|"1\.2\.2\.2") waf
> > CustomLog "logs/ssl_access_log" proxy env=!waf
>
> Did you try without the quotes, for instance:
> SetEnvIf Remote_addr ^(1\.2\.3\.1|1\.2\.2\.2)$ waf
> ?
>
> Regards,
> Yann.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
