apache logging, XFF and proxypass...



apache 2.2.22
centos 5.8

We are running several virtual Hosts in an apache config. The
majority of them use mod_jk for a backend ajp connection, whilst a few
use ProxyPass to http backends

using LogFormat directives

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
LogFormat "%{X-Forwarded-For}i " proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded


and VH configs including
ErrorLog "logs/errors"
CustomLog "logs/access" combined env=!forwarded
CustomLog "logs/access" proxy env=forwarded

For the mod_jk connections the logs are great...


192.168.52.139 - - [28/May/2012:15:27:30 +0100] "GET /for..

with the IP of ONLY the originating client being logged.

However... for proxypass type VHs.. the logs end up with

192.168.52.213, 192.168.61.63 - - [28/May/2012:15:38:44 +0100] "GET /ltr/i

Delving into it all, it appears that for proxypass the XFF header
shifts along the entire path of IPs - client, proxy1 etc. - to the
backend. Now that's all well and good for passing to the backend...
but it's useless for logging an original single client IP on the proxy
itself. It seems that what it prepares for the backend it uses itself
- which is not what is required.


ie client --> traffic manager --> apache proxy --> backend
I want to log the client IP in the apache proxy logs - NOT
client IP + traffic manager IP

How can I get over this?

cheers

ian
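An added example, not part of the original post: Python that rewrites the leading X-Forwarded-For field of log lines like the ones above to a single client address, walking the chain from the right and skipping known proxies, so entries a client placed in the header itself are never used. The 192.168.61.0/24 trusted range, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: address range of the traffic manager(s) in front of the proxy.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.61.0/24")]

# Leading field is %{X-Forwarded-For}i (may hold "a, b, c"), then %l %u [%t] ...
LINE_RE = re.compile(r"^(?P<xff>.+?) (?P<rest>\S+ \S+ \[.*)$")

# Constructed sample lines in the "proxy" LogFormat; the second carries an
# extra left-most entry supplied by the client in its own request header.
SAMPLE_LINES = [
    '192.168.52.213, 192.168.61.63 - - [28/May/2012:15:38:44 +0100] "GET /a HTTP/1.1" 200 512 "-" "-"',
    '10.9.9.9, 192.168.52.213, 192.168.61.63 - - [28/May/2012:15:39:02 +0100] "GET /b HTTP/1.1" 200 77 "-" "-"',
]


def client_from_chain(xff):
    """Return the right-most hop that is not a trusted proxy, or None."""
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed hop: nothing further left can be trusted
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return None  # chain held only trusted proxies


def normalise(line):
    """Replace the XFF list at the start of a log line with one client IP."""
    m = LINE_RE.match(line)
    if not m:
        return line  # not in the expected format: leave untouched
    client = client_from_chain(m.group("xff"))
    return f"{client or '-'} {m.group('rest')}"


if __name__ == "__main__":
    for entry in SAMPLE_LINES:
        print(normalise(entry))
```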