Sucuri CloudProxy and logging

Discussion in 'Installation/Configuration' started by lollollollol, Nov 5, 2016.

  1. lollollollol

    lollollollol Member


    I switched a domain name behind Sucuri CloudProxy there shortly.
    I managed to get the geolocation of IP visitors in Wordpress, no problem on that side.

    I cons by a problem for the site logs recorded by ispconfig:

    # cat /var/log/ispconfig/httpd/ | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20

    I only logs the IP proxy ..

    I tried to install apache2 Module remoteip:
    # a2enmod remoteip

    And I configured:
    <ifModule mod_remoteip.c>
    RemoteIPHeader HTTP_X_REAL_IP

    I also try the classic:
    RemoteIPHeader X-Forwarded-For

    Nothing to do, it is always the IP of the proxy are recorded.

    I tried to change the configuration of ispconfig in /etc/apache2/sites-available/ispconfig.conf

    I change
    LogFormat "%v %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig

    No changes.
    I also try with the logging in apache.conf conf.

    I'm stuck, I can not do it...

    For information the headers contain the good informations:

    If someone has an idea how to log the ip client logs of ISPConfig it would be very cool!

    Edit: Debian Jessie UptoDate / Ispconfig 3.1.1 / Apache2 2.4.10-10+deb8u7
  2. lollollollol

    lollollollol Member

    I get it:

    In /etc/apache2/sites-available/ispconfig.conf
    LogFormat "%v %{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig

    # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
    # Use mod_remoteip instead.

    I don't really know why it's not recommended, and mod_remoteip isn't working with IspConfig - or I don't know how to configure it properly :-D
  3. lollollollol

    lollollollol Member

    Ok, I know now what it's really not a good idea:

    Without mod_remoteip you can't use RemoteIPTrustedProxy to avoid this:
    It is critical to only enable this behavior from intermediate hosts (proxies, etc) which are trusted by this server, since it is trivial for the remote useragent to impersonate another useragent.

    So... I'm still stuck!
  4. lollollollol

    lollollollol Member

    I was in wrong forum, sorry.
    If a moderator could delete this thread... Thank you.

Share This Page