How to Configure Apache Web Server to Log the Client IP Address Available in the Custom HTTP Header Sent by NetScaler Appliance

This article contains information about configuring an Apache Web server to log client IP addresses based on the value contained within a custom HTTP header inserted by a NetScaler device.

Requirements

This article is relevant to a topology similar to the one depicted in the following graphic:

In this topology, the Apache Web servers are installed after one or more NetScaler appliances on the network. The traffic destined to the Web servers passes through the NetScaler appliance before reaching the Web servers.

Notes:

To configure the setup to enable the Apache Web server log the client IP addresses available in the custom HTTP header inserted by the NetScaler appliance, complete the following procedures:

1. Configuring the NetScaler Appliance to Insert Client IP Address in a Custom HTTP Header

2. Configuring the Apache Web Server to Log the Client IP Address Available in the Custom HTTP Header

Configuring the NetScaler Appliance to Insert Client IP Address in a Custom HTTP Header

To configure the NetScaler appliance to insert the client IP address in a custom HTTP header, run the following command from the command line interface of the appliance:

> set service <Service_Name> -cip ENABLED NS-Client-IP

Repeat the preceding command for every service that requires the client IP to be logged at the Apache Web server. In the preceding command, the NetScaler-Client-IP is the header name that is appended to the request. You can specify any name for the header.

 GET / HTTP/1.1 Host: www.example.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive NS-Client-IP: 10.60.1.166

Configuring the Apache Web Server to Log the Client IP Address Available in the Custom HTTP Header

To configure the Apache Web server to log the client IP address in the custom HTTP header sent by the NetScaler appliance, complete the following procedure:

1. Open the /opt/apache2/conf/httpd.conf file in a text editor, such as the vi editor.
   Note: The path to the httpd.conf file might vary depending on the configuration of the Apache Web server. It is mostly available either in the <Apache_Install_Location>/conf/ or the /etc/ directory. Additionally, ensure that you make a backup of the configuration file before making any changes to it.

2. Append the following entries to the file:

    LogFormat "%{NS-Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" ns-access CustomLog <Lof_File_Path>/<Log_File_Name> ns-access

   Note: If the preceding entries already exist in the configuration file, then you can change the necessary changes to the entry. These entries change the parameters for an existing log file. However, if you add the preceding entries to the configuration file, then a log file is created to log client IP address with the specified parameters.

3. Save and close the configuration file.

4. Run the following command to restart the HTTP daemon:
   # /opt/apache2/bin/httpd –k restart

5. Repeat this procedure on each Apache server in the farm.

The entries for the http.conf file specified in this document are just examples. You can make the required changes to suite the preference. Refer to the Apache HTTP server documentation for more details.

Additionally, the configuration specified in this document does not make the client IP address available to the Apache Web server to process the same. If you want to make the client IP address available for processing by the Apache Web server, then refer to the Knowledge Center article Custom Header Module for Apache 2.x to Process Client IP Address for further details.