On page 50 Chapter 4 of the modsecurity_handbook (March 2010 – Aug 2010 Dev edition) about logging it states the debug metadata is the time and the client’s IP address. However in my logs it appears to always be the IP address on which apache is listening i.e. the server’s address.


So is this a typo in the handbook  and it is the server IP address really or could this be some artefact of the proxy/firewall/nat etc? I do see the right IP address in the apache access log and the modsec_audit.log





Simon Stanford


This e-mail message is intended for the above named recipient(s) only.
It may contain confidential information that is privileged. If you are not
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this e-mail and any attachment(s) is strictly
prohibited. If you have received this e-mail by error, please
immediately notify the sender by replying to this e-mail and deleting the
message including any attachment(s) from your system. Thank you in
advance for your cooperation and assistance.Although the company has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments.