ENABLE LOGGING OF THE X-FORWARDED-FOR HEADER

LOGGING OF THE X-FORWARDED-FOR HEADER



The dev-opes team , struggles to find the end user IP while working / troubleshooting the DOS, D-DOS attacks/issue. 

To troubleshoot such issue first thing you need to do is , log the end user IP. 

Please follow the steps to do the same. 

In the Apache HTTP Server's access_log, add this to the httpd.conf file in the dispatcher servers:

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

In Microsoft IIS add X-Forwarded-For in the "Advanced Logging" configuration.

That would log the correct end-user IP.

Use the output showing the IP and User-Agent to analyse whether it is a malicious attack and block the offending IPs if it makes sense.

2. SET DISPATCHER.LOG'S LOG LEVEL TO DEBUG:

Apache:
In the httpd configuration files there should be a section for the dispatcher.  

Set DispatcherLogLevel to 3

DispatcherLogLevel 3

IIS:

Modify the dis_iis.ini and set the log level to 3:

loglevel=3

Comments

Popular Posts

how to clear dispatcher cache in aem ?

AdobeDispatcherHacks ".statfile"

AEM Security Headers

How Does S3 works with AEM ?

How to Increase Apache Request Per Second ?

Configure/Decoding AEM AuditLogs

How to Sync HMAC in AEM ?

Dispatcher flush from AEM UI

curl command AEM package filter addition creation

How to configure s3 in AEM ?