mod-security-users

[mod-security-users] log X-Forwarded-For Ip in modsecurity3

[Henrik R. <ro...@ds...>]

Hello,

i am new to modsecurity and just started with modsecurity3 and apache on 
FreeBSD.

i want to log the X-Forwarded-For Ip if a rule matches, but remote.addr 
ist only returning the IP of our revere Proxy. Apache is configured wit 
mod_remoteip and shows the right client ip. In modsecurity 2 there seems 
to be "useragent_ip" to access these adress but this isnt working in 
modsecurity3. What is the right approach to log the right client ip with 
modsecurity3?

Greetings, Henrik Rosenke

Re: [mod-security-users] log X-Forwarded-For Ip in modsecurity3

[Christian F. <chr...@ne...>]

Hey Henrik,

I get the feeling you never got a response for this.

ModSec3 on Apache is not stable. The connector is in beta. It's better you run
ModSec2 on Apache, which is also the reference platform for the Core Rule Set.

I am not entirely sure, but I would not be surprised if your problem would go
away with the downgrade too.

Ahoj,

Christian

On Wed, Nov 04, 2020 at 11:48:42AM +0100, Henrik Rosenke wrote:
> Hello,
> 
> i am new to modsecurity and just started with modsecurity3 and apache on
> FreeBSD.
> 
> i want to log the X-Forwarded-For Ip if a rule matches, but remote.addr ist
> only returning the IP of our revere Proxy. Apache is configured wit
> mod_remoteip and shows the right client ip. In modsecurity 2 there seems to
> be "useragent_ip" to access these adress but this isnt working in
> modsecurity3. What is the right approach to log the right client ip with
> modsecurity3?
> 
> Greetings, Henrik Rosenke
> 
> 
> 
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/