Posts

Showing posts with the label X-FORWARDED-FOR

ENABLE LOGGING OF THE X-FORWARDED-FOR HEADER

Image
LOGGING OF THE X-FORWARDED-FOR HEADER The dev-opes team , struggles to find the end user IP while working / troubleshooting the DOS, D-DOS attacks/issue.  To troubleshoot such issue first thing you need to do is , log the end user IP.  Please follow the steps to do the same.  In the Apache HTTP Server's access_log, add this to the httpd.conf file in the dispatcher servers: LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent In Microsoft IIS add X-Forwarded-For in the  "Advanced Logging"  configuration. That would log the correct end-user IP. Use the output showing the IP and User-Agent to analyse whether it is a malicious attack and block the offending IPs if it makes sense. 2. SET DISPATCHER.LOG'S LOG LEVEL TO DEBUG: