How to Configure Apache Web Server to Log the Client IP Address Available in the Custom HTTP Header Sent by NetScaler Appliance

How to Configure Apache Web Server to Log the Client IP Address Available in the Custom HTTP Header Sent by NetScaler Appliance

book

Article ID: CTX109350

calendar_today

Updated On:

Description

This article contains information about configuring an Apache Web server to log client IP addresses based on the value contained within a custom HTTP header inserted by a NetScaler device.

Requirements

This article is relevant to a topology similar to the one depicted in the following graphic:
User-added image
In this topology, the Apache Web servers are installed after one or more NetScaler appliances on the network. The traffic destined to the Web servers passes through the NetScaler appliance before reaching the Web servers.

Notes:

  • The graphic depicts a two-arm configuration. However, this document is also relevant to a one-arm configuration.
  • In this document, it is assumed that the NetScaler appliance is configured correctly so that it is possible to access content on the Web servers through an HTTP request to a public virtual IP (VIP) address of the NetScaler appliance. This might require Domain Name System (DNS) entries to be mapped to a DNS address, such as www.example.com, to the VIP address.
  • This module is tested on Apache versions 1.3 and 2.0.
  • In this document the IP address 10.2.3.4 is considered as a public IP address.

Background

In the scenario depicted in the preceding graphic, at the network layer the HTTP requests to the Web servers appear to originate from the mapped IP (MIP) address of the NetScaler appliance. The source IP address in the request packets is set to the MIP, such as 10.5.6.7 in the example.

In most configurations, the responses from the Web servers pass through the NetScaler appliance, which reverses the address translation before forwarding the response to the client. This ensures that the internal Web servers are hidden from the client, who can access only the VIP address of the appliance, such as 10.2.3.4 in the example.

The issue with this configuration is that the Web server logs show the MIP address 10.5.6.7 for all client requests. This may not be desirable in environments that require the IP address of all Web accesses to be logged for accounting, security, or any other purpose.

Instructions

To configure the setup to enable the Apache Web server log the client IP addresses available in the custom HTTP header inserted by the NetScaler appliance, complete the following procedures:

  1. Configuring the NetScaler Appliance to Insert Client IP Address in a Custom HTTP Header

  2. Configuring the Apache Web Server to Log the Client IP Address Available in the Custom HTTP Header

Configuring the NetScaler Appliance to Insert Client IP Address in a Custom HTTP Header

To configure the NetScaler appliance to insert the client IP address in a custom HTTP header, run the following command from the command line interface of the appliance:

> set service <Service_Name> -cip ENABLED NS-Client-IP

Repeat the preceding command for every service that requires the client IP to be logged at the Apache Web server. In the preceding command, the NetScaler-Client-IP is the header name that is appended to the request. You can specify any name for the header. 
GET / HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
NS-Client-IP: 10.60.1.166

Configuring the Apache Web Server to Log the Client IP Address Available in the Custom HTTP Header

To configure the Apache Web server to log the client IP address in the custom HTTP header sent by the NetScaler appliance, complete the following procedure:

  1. Open the /opt/apache2/conf/httpd.conf file in a text editor, such as the vi editor.
    Note: The path to the httpd.conf file might vary depending on the configuration of the Apache Web server. It is mostly available either in the <Apache_Install_Location>/conf/ or the /etc/ directory. Additionally, ensure that you make a backup of the configuration file before making any changes to it.

  2. Append the following entries to the file:

    LogFormat "%{NS-Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" ns-access
CustomLog <Lof_File_Path>/<Log_File_Name> ns-access

    Note: If the preceding entries already exist in the configuration file, then you can change the necessary changes to the entry. These entries change the parameters for an existing log file. However, if you add the preceding entries to the configuration file, then a log file is created to log client IP address with the specified parameters.

  3. Save and close the configuration file.

  4. Run the following command to restart the HTTP daemon:
    # /opt/apache2/bin/httpd –k restart

  5. Repeat this procedure on each Apache server in the farm.

Issue/Introduction

This article contains information about configuring an Apache Web server to log client IP addresses based on the value contained within a custom HTTP header inserted by a NetScaler device.

Additional Information

The entries for the http.conf file specified in this document are just examples. You can make the required changes to suite the preference. Refer to the Apache HTTP server documentation for more details.

Additionally, the configuration specified in this document does not make the client IP address available to the Apache Web server to process the same. If you want to make the client IP address available for processing by the Apache Web server, then refer to the Knowledge Center article Custom Header Module for Apache 2.x to Process Client IP Address for further details.

Powered by Wolken Software