ISPConfig && Sucuri CloudProxy && IP logging

Discussion in 'Installation/Configuration' started by lollollollol, Nov 5, 2016.

  1. lollollollol

    lollollollol Member

    Hello,

    I switched a domain name behind Sucuri CloudProxy there shortly.
    I managed to get the geolocation of IP visitors in Wordpress, no problem on that side.

    I cons by a problem for the site logs recorded by ispconfig:

    # cat /var/log/ispconfig/httpd/my_domain.com/access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20
    1402 185.93.228.2
    273 185.93.230.2
    27 185.93.229.2
    25 192.88.135.2
    etc.

    I only logs the IP proxy ..

    I tried to install apache2 Module remoteip:
    # a2enmod remoteip

    And I configured:
    <ifModule mod_remoteip.c>
    RemoteIPHeader HTTP_X_SUCURI_CLIENTIP
    RemoteIPHeader HTTP_X_FORWARDED_FOR
    RemoteIPHeader HTTP_X_REAL_IP
    </ifModule>

    I also try the classic:
    RemoteIPHeader X-Forwarded-For

    Nothing to do, it is always the IP of the proxy are recorded.

    I tried to change the configuration of ispconfig in /etc/apache2/sites-available/ispconfig.conf

    I change
    LogFormat "%v %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    by
    LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig

    No changes.
    I also try with the logging in apache.conf conf.

    I'm stuck, I can not do it...

    For information the headers contain the good informations:
    $_SERVER['HTTP_X_SUCURI_CLIENTIP'] 142.68.128.163
    $_SERVER['HTTP_X_REAL_IP'] 142.68.128.163
    $_SERVER['HTTP_X_FORWARDED_PROTO'] https
    $_SERVER['HTTP_X_FORWARDED_FOR'] 142.68.128.163

    If someone has an idea how to log the ip client logs of ISPConfig it would be very cool!

    Edit: Debian Jessie UptoDate / Ispconfig 3.1.1 / Apache2 2.4.10-10+deb8u7

    I Posted in the wrong Forum... https://www.howtoforge.com/community/threads/sucuri-cloudproxy-and-logging.74589/
     
  2. lollollollol

    lollollollol Member

    I get it:

    In /etc/apache2/sites-available/ispconfig.conf
    LogFormat "%v %{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig

    But:
    # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
    # Use mod_remoteip instead.

    https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
    It is critical to only enable this behavior from intermediate hosts (proxies, etc) which are trusted by this server, since it is trivial for the remote useragent to impersonate another useragent.

    So... I'm still stuck!
     
  3. lollollollol

    lollollollol Member

Share This Page