Hej Stuart,
Stuart Henderson schrieb:
On 2007/01/29 16:21, Marian Hettwer wrote:
Is there any possible way to get the real ip addresses in my apache
access log?
Readers who didn't see the earlier posts about setting this up, they're
here: http://marc.theaimsgroup.com/?l=openbsd-misc&m=116905272009036&w=2
- it's not the standard setup with PF sitting directly on the route
between client and webserver.
That's the drawback to this method: in order to get that information
you'd need to rearrange the network so the balancer is in the IP route
between the webservers and the end users so you can skip the NATs.
If moving to a more... flexible... ISP isn't an option, you may be able
to do something with tunneling. You need to decide which method will suck
the least in your situation.
You're right. Both situations suck, but for now I'll have to go with
that cheap ISP and therefor live with having a castrated access.log
I'll buy me some security via mod_security on those remote apaches ;)
(and of course, keep my fingers crossed that no bloody botnet tries to
attack).
Cheers,
Marian
