Re: [mod-security-users] Logging real ip behind proxy
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Logging real ip behind proxy
|
From: Eero V. <eer...@ik...> - 2019-01-02 18:31:12
|
Hi.
Take look of REQUEST-901-INITIALIZATION.con
I think this line takes care of ip address pickup:
SecAction \
"id:901321, \
phase:1, \
t:none, \
initcol:global=global, \
initcol:ip=%{remote_addr}_%{tx.ua_hash}, \
setvar:tx.real_ip=%{remote_addr}, \
nolog, \
You need to replace it with correct variable?
Eero
On Wed, Jan 2, 2019 at 7:30 PM Alexandros Kyrlis <ale...@me...> wrote:
> I have already replaced the REMOTE_ADDR var with {HTTP_CF_Connecting_IP}
> using IIS rewrite.
> It works.
>
> using PHP:
>
> echo ($_SERVER['REMOTE_ADDR']);
>
> Returns the real client IP address.
>
> But mod_security still uses the ip of the proxy. I do not know why.
>
>
> On 2 Ιαν 2019, at 19:03, Eero Volotinen <eer...@ik...> wrote:
>
> how about this:
> http://www.loadbalancer.org/blog/iis-and-x-forwarded-for-header/
>
> Eero
>
> Alexandros Kyrlis via mod-security-users <
> mod...@li...> kirjoitti ke 2. tammik. 2019
> klo 19.00:
>
>> Hello,
>> I'm using Mod Security with IIS 10.
>> When a rule is triggered, mod security creates an event log on event
>> viewer on Windows.
>> This log contais the REMOTE_ADDR value, but since we are behind a proxy
>> (Cloudflare) i would like it to log a custom header (CF_Connecting_IP) so
>> we get the real client IP.
>> Is it possible to do that?
>> Thanks
>> Alex
>>
>>
>>
>> _______________________________________________
>> mod-security-users mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>> http://www.modsecurity.org/projects/commercial/rules/
>> http://www.modsecurity.org/projects/commercial/support/
>>
>
>
|
