top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Apache not recording client addresses correctly

+1 vote
338 views

I'm investigating a problem on an older server, and something strange is going on. Instead of the correct client address being logged in /var/httpd/*log, an apparently random address is logged instead.
E.g. 98.144.147.0, 98.208.248.0, 98.144.141.0

Every client is logged as the same address. If I restart httpd, this address changes.

This is httpd-2.0.63 with php-4.3.9 running on CentOS 4.6. The RPMs for httpd and PHP verify OK, with the exception of httpd.conf and php.ini - i.e., the httpd server and libraries (and also all the dynamic libraries httpd is linked with) appear to be intact.

The address of open connections is returned correctly with netstat.

posted Sep 30, 2013 by Meenal Mishra

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button
Any chance someone is accessing your web site from a cell phone instant  messaging service?
That seems very unlikely.

If I connect from two different machines here, with 142.90/16 addresses,  both connections are logged as 98.32.133.0, or 98.32.18.0 etc. Which are subnet addresses, not host addresses.

huh! wtf? - if I enable /server-status, the correct address for the  client asking for /server-status, is not just logged, but resolved, even though HostnameLookups is off. But other requests still get the 98.32  address.
This reverse resolution will almost certainly be because you are restricting access to that location (/server-status) by name rather than by IP address (perhaps inadvertently).

It doesn't explain what you are seeing for other locations, unfortunately. Are you using any third-party modules?

Similar Questions
+2 votes

My Apache server host few applications something like :

/var/www/A
/var/www/B

I would like to trace access for a specific application, eg. A. Is it possible?

Or should I use 'LogLevel info' and so log all applications into access.log file (then parsing for specific web page) ?

My config for logging is :

..
ErrorLog /var/log/apache2/error.log
LogLevel info
CustomLog /var/log/apache2/access.log combined
..
+2 votes

I'm trying to use the new If directive present from Apache 2.4, to configure an htaccess based authentication for a specific Location based to the client IP address. If a client hasn't an IP address related to the internal VLAN, I would set the password access.

What is the correct syntax to have this configuration? I noticed on the documentation that there is the "-ipmatch" condition, but I don't understand well this feature.

0 votes

Running Apache 2.4.7 and current configuration limiting access to a directory to only clients that can provide a trusted client certificate. Server is SSL host. Would like to modify configuration to allow "local" clients (127.0.0.1, etc. as defined by Require local auth provider) to access the directory without authenticating with a client certificate. So the local host may access the directory without SSL client auth, but all others must authenticate with a client certificate or access is forbidden. What is the best/proper way to do this?

I would like to use modern directives (avoiding Allow, Deny, Order etc. from mod_access_compat) but I am not clear how to combine Require related directives with mod_ssl options like SSLVerifyClient.

Thanks in advance?

+3 votes

I have Apache 2.4 (win32) and have the following in my CA bundle.

Root 1
Subordinate 1
Subordinate 2

My server was signed off Subordinate 1, When I do openssl s_client -connect server:443, it shows both Subordinate 1 and Subordinate 2 in the acceptable CA names.

If I remove Subordinate 2 from the bundle, It only shows Subordinate 1 as a acceptable CA. However, if I remove Subordinate 1, it still shows as an acceptable CA.

It seems httpd references not only cabundle/cafiles but also certs in the Chain file. as acceptable CAs.

Is it possible to prevent a user signed off Subordinate 1 from using client certificate authentication while the server cert is issued off Subordinate 1?

+1 vote

I have an idea how to setup Apache for doing load balancer based on mod_proxy and mod_balance modules. But in my case the backend server requires ssl client certificate authentication and therefore the Apache Server cannot terminate the ssl connection.

I do no need http session cookie stickyness. The application is stateless. Can I somehow configure Apache as a transparent balancer?

Or I should use even another software - squid, iptables? The backend application is a web service running on Tomcat.

...