Details
-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
2.6.19.1
-
None
Description
When using a load balancer, you can set GROUPER_APACHE_REMOTE_IP_HEADER and GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY to get the underlying originating address to Apache and Shibboleth. The Apache configuration is using the default log format which is %h for the host. If this is switched to %a, it logs the original address it gets from the remoteIp header.
It's working with a custom hook to modify the log format. But it would be good if everyone using LBs didn't need to add that.
grouperScriptHooks_setupFilesPost() {
|
if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -n "$GROUPER_APACHE_REMOTE_IP_HEADER" ] && [ "$GROUPER_APACHE_REMOTE_IP_HEADER" != "" ] && [ -f /etc/httpd/conf/httpd.conf ]; then
|
echo "grouperContainer; INFO: (grouperScriptHooks.sh-grouperScriptHooks_setupFilesPost) Setting X-Forwarded-For in httpd logs"
|
sed -i '/LogFormat\b/ s/;%h %l/;%a %l/' /etc/httpd/conf/httpd.conf
|
returnCode=$?
|
echo "grouperContainer; INFO: (grouperScriptHooks.sh-grouperScriptHooks_setupFilesPost) sed -i '/LogFormat\b/ s/;%h %l/;%a %l/' /etc/httpd/conf/httpd.conf, result: $?"
|
if [ $returnCode != 0 ]; then exit $returnCode; fi
|
fi
|
return
|
}
|