Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Access GAteway
HTTP extended logging enabled on Proxy service
NetIQ Access Manager 3.2 Access GAteway
HTTP extended logging enabled on Proxy service
Situation
Access Gateway HTTP logging is enabled where one of the goals is to monitor the X-Forwarded-For HTTP header value in all incoming requests. This X-Forwarded-For flag is enabled on the extended HTTP logging profile but no log fields for the header appear in the log files - all other requested fields are logged.
To duplicate:
- Enabled extended HTTP logging for proxy service that dumps the X-Forwarded-For header
- apply changes
- Access URL under the proxy with extended logging making sure
- view the extended log generated and not that there is no cache status
2013-07-16 13:55:53 147.2.47.36 public 147.2.34.116 GET /formfill/phpinfo.php 302 164 "-" "-" "-"
2013-07-16 13:56:00 147.2.47.36 cn=ncashell,o=novell 147.2.34.116 GET /formfill/phpinfo.php 200 4840 "-" "-" "147.2.16.154"
2013-07-16 13:56:43 147.2.47.36 cn=ncashell,o=novell 147.2.34.116 GET /formfill/phpinfo.php 200 4762 "-" "-" "147.2.16.154"
2013-07-16 13:56:44 147.2.47.36 cn=ncashell,o=novell 147.2.34.116 GET /formfill/phpinfo.php 200 4741 "-" "-" "147.2.16.154"
2013-07-16 13:56:45 147.2.47.36 cn=ncashell,o=novell 147.2.34.116 GET /formfill/phpinfo.php 200 4764 "-" "-" "147.2.16.154"
The same operation on the 3.1 LAG worked great.
Looking at the config file with the logging setup at /etc/opt/novell/apache2/conf/vhosts.d/nam32vm-pxy-srvc.conf, the LogFormat does indicate a reference to the X-Forwarded-For header
LogFormat "%{%Y-%m-%d %H:%M:%S}t %a %<u %A %m %U %>s %B \"%{Referer}i\" \"%{x-forward-for}i\" \"%{BALANCER_WORKER_IP}e\"" nam32vm-pxy-srvc-nam32vm- pxy-srvc
CustomLog "|\"/opt/novell/apache2/sbin/rotatelogs\" \"/var/log/novell/reverse/nam32mag-vm-revproxy/nam32vm-pxy-srvc-nam32vm-pxy-srvc.extended.log.%Y -%m-%d-%H_%M_%S\" 3600 7files" nam32vm-pxy-srvc-nam32vm-pxy-srvc env=nam32vm-pxy-srvc
Here is the sampe HTTP request that I generated
(Request-Line) GET /formfill/phpinfo.php HTTP/1.1
Host nam32app-vm.lab.novell.com
User-Agent Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us
Accept-Encoding gzip, deflate
Referer https://nam32app-vm.lab.novell.com
Cookie __utma=64695856.1854549277.1373976067.1373976067.1373976067.1; __utmz=64695856.1373976067.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); novell_language=en-us; SESS7fc2d76e982b2b18cf941912c33a751e=92kpvpbj2o86khhu91n1enj2g5; novell_temp_lang=en-us; ZNPCQ003-38343200=cec434a7; lb_snovell=OKODEBIJ; ZNPCQ003-36383700=47f21c8a; ZNPCQ003-32393600=ce2ade55; lb_novell=NOODEBIJ; novell_search_campaign=; novell_search_paid_keyword=; IPCZQX03bafce9af=01005f0093022f2d0bccb9c841d647d9ca59cdc5; ZNPCQ003-31353600=a1b14cc2;IPCZQX03bafce9af=01005f0093022f2d0bccb9c841d647d9ca59cdc5
X-MagDebug 1
Authorization Basic YWRtaW46bm92ZWxsMTIz
X-Forwarded-For 147.2.49.144
Connection keep-alive
Pragma no-cache
Cache-Control no-cache
To duplicate:
- Enabled extended HTTP logging for proxy service that dumps the X-Forwarded-For header
- apply changes
- Access URL under the proxy with extended logging making sure
- view the extended log generated and not that there is no cache status
2013-07-16 13:55:53 147.2.47.36 public 147.2.34.116 GET /formfill/phpinfo.php 302 164 "-" "-" "-"
2013-07-16 13:56:00 147.2.47.36 cn=ncashell,o=novell 147.2.34.116 GET /formfill/phpinfo.php 200 4840 "-" "-" "147.2.16.154"
2013-07-16 13:56:43 147.2.47.36 cn=ncashell,o=novell 147.2.34.116 GET /formfill/phpinfo.php 200 4762 "-" "-" "147.2.16.154"
2013-07-16 13:56:44 147.2.47.36 cn=ncashell,o=novell 147.2.34.116 GET /formfill/phpinfo.php 200 4741 "-" "-" "147.2.16.154"
2013-07-16 13:56:45 147.2.47.36 cn=ncashell,o=novell 147.2.34.116 GET /formfill/phpinfo.php 200 4764 "-" "-" "147.2.16.154"
The same operation on the 3.1 LAG worked great.
Looking at the config file with the logging setup at /etc/opt/novell/apache2/conf/vhosts.d/nam32vm-pxy-srvc.conf, the LogFormat does indicate a reference to the X-Forwarded-For header
LogFormat "%{%Y-%m-%d %H:%M:%S}t %a %<u %A %m %U %>s %B \"%{Referer}i\" \"%{x-forward-for}i\" \"%{BALANCER_WORKER_IP}e\"" nam32vm-pxy-srvc-nam32vm- pxy-srvc
CustomLog "|\"/opt/novell/apache2/sbin/rotatelogs\" \"/var/log/novell/reverse/nam32mag-vm-revproxy/nam32vm-pxy-srvc-nam32vm-pxy-srvc.extended.log.%Y -%m-%d-%H_%M_%S\" 3600 7files" nam32vm-pxy-srvc-nam32vm-pxy-srvc env=nam32vm-pxy-srvc
Here is the sampe HTTP request that I generated
(Request-Line) GET /formfill/phpinfo.php HTTP/1.1
Host nam32app-vm.lab.novell.com
User-Agent Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us
Accept-Encoding gzip, deflate
Referer https://nam32app-vm.lab.novell.com
Cookie __utma=64695856.1854549277.1373976067.1373976067.1373976067.1; __utmz=64695856.1373976067.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); novell_language=en-us; SESS7fc2d76e982b2b18cf941912c33a751e=92kpvpbj2o86khhu91n1enj2g5; novell_temp_lang=en-us; ZNPCQ003-38343200=cec434a7; lb_snovell=OKODEBIJ; ZNPCQ003-36383700=47f21c8a; ZNPCQ003-32393600=ce2ade55; lb_novell=NOODEBIJ; novell_search_campaign=; novell_search_paid_keyword=; IPCZQX03bafce9af=01005f0093022f2d0bccb9c841d647d9ca59cdc5; ZNPCQ003-31353600=a1b14cc2;IPCZQX03bafce9af=01005f0093022f2d0bccb9c841d647d9ca59cdc5
X-MagDebug 1
Authorization Basic YWRtaW46bm92ZWxsMTIz
X-Forwarded-For 147.2.49.144
Connection keep-alive
Pragma no-cache
Cache-Control no-cache
Resolution
Fixed in 3.2.2 IR1