Re: any way to get IIS to log X-Forward-For instead of REMOTE_ADDR?

Russ Lavoy wrote:
> In the Linux world and my current configuration, I use
> mod_extract_forwarded2 to get the "X-Forwarded-For"
> header before Apache AND before modsecurity.
>   

Just to clarify, I think the difference between using  
mod_extract_forward and my "fiddle" with LogFormat is that my way only 
changes what gets logged in the logfile, whereas mod_extract_forward 
changes *what Apache thinks is the actual REMOTE_ADDR* - so it can be 
used to bring Apache ACLs/etc back into line too. However in my case all 
I want is the logfiles changed - so LogFormat is for me 

Whoops. One thing I forgot. You need a "RequestHeader unset 
X-Forwarded-For" above the LogFormat/etc lines I gave, otherwise a 
hacker could alter/corrupt what gets logged as HTTP headers are merged. 
So remove any occurrences first, then log 

Jason

--

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference