apache 日志中记录代理IP以及真实客户端IP 有大用 有大大用

说明：我用的是nginx反向代理，实际上就是在logformat中添加%{X-FORWARDED-FOR}i，下面为实验过程

一、下面是我的nginx反向代理的配置文件内容

nginx主配置主配置文件

[root@nginx-server conf]# cat nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    upstream lb_server {
      server 192.168.17.10;
      server 192.168.17.11;
    }
    include extra/lbserver.conf;
}

lbserver配置文件

[root@nginx-server conf]# cat extra/lbserver.conf 
server {
    location / {
        proxy_pass http://lb_server;
        proxy_set_header Host      $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

二、修改前

没有修改访问日志格式前的apache配置文件

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" common
</IfModule>

发现不能记录访问者的ip

[root@lamp-server ~]# tail -f /application/apache/logs/www-access_log 
192.168.17.13 - - [04/Dec/2016:13:40:29 +0800] "GET / HTTP/1.0" 200 35
192.168.17.13 - - [04/Dec/2016:13:40:31 +0800] "GET / HTTP/1.0" 200 35
192.168.17.13 - - [04/Dec/2016:13:40:34 +0800] "GET / HTTP/1.0" 200 35
  2.168.17.13 - - [04/Dec/2016:13:40:36 +0800] "GET / HTTP/1.0" 200 35
192.168.17.13 - - [04/Dec/2016:13:40:38 +0800] "GET / HTTP/1.0" 200 35
192.168.17.13 - - [04/Dec/2016:13:56:23 +0800] "GET / HTTP/1.0" 200 35
192.168.17.13 - - [04/Dec/2016:13:56:25 +0800] "GET / HTTP/1.0" 200 35
192.168.17.13 - - [04/Dec/2016:13:56:27 +0800] "GET / HTTP/1.0" 200 35
192.168.17.13 - - [04/Dec/2016:13:56:29 +0800] "GET / HTTP/1.0" 200 35
192.168.17.13 - - [04/Dec/2016:13:56:31 +0800] "GET / HTTP/1.0" 200 35

三、修改后

修改过访问日志格式后的apache配置文件

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b %{X-FORWARDED-FOR}i" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" common
</IfModule>

修改后再次访问测试

[root@lamp-server ~]# > /application/apache/logs/www-access_log        
[root@lamp-server ~]# tail -f /application/apache/logs/www-access_log 
192.168.17.13 - - [04/Dec/2016:14:04:49 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199
192.168.17.13 - - [04/Dec/2016:14:04:51 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199
192.168.17.13 - - [04/Dec/2016:14:04:53 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199
192.168.17.13 - - [04/Dec/2016:14:04:55 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199
192.168.17.13 - - [04/Dec/2016:14:04:57 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199
192.168.17.13 - - [04/Dec/2016:14:04:59 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199
192.168.17.13 - - [04/Dec/2016:14:05:01 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199
192.168.17.13 - - [04/Dec/2016:14:05:03 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199
192.168.17.13 - - [04/Dec/2016:14:05:05 +0800] "GET / HTTP/1.0" 200 35 192.168.17.199

附录：我在客户机上的测试脚本

[root@myblog ~]# for n in `seq 20`;do curl www.amsilence.com;sleep 1;done;

注意：如果你在虚拟主机上面引用什么日志格式，就需要修改对应日志格式上的参数，不能改到别的日志格式上面

--------------------- 本文来自 画简 的CSDN 博客 ，全文地址请点击：https://blog.csdn.net/wusilen/article/details/53454167?utm_source=copy 

来自  https://blog.csdn.net/wusilen/article/details/53454167