Commit e1bee4a4 authored by Patrick Gerken's avatar Patrick Gerken

(fix) LP #143352 Log the client ip in proxy case

This implements the idea of the patch from
https://bugs.launchpad.net/zope2/+bug/143352
but also honours the trusted-proxy setting.
parent 7a92c720
...@@ -8,6 +8,9 @@ http://docs.zope.org/zope2/ ...@@ -8,6 +8,9 @@ http://docs.zope.org/zope2/
2.13.22 (unreleased) 2.13.22 (unreleased)
-------------------- --------------------
- LP #143352: Logging of client IP rather than the IP of the Proxy.
Please be aware that this only logs the real client ips to Z2.log,
if you set you proxy as a trusted-proxy in zope.conf
2.13.21 (2013-07-16) 2.13.21 (2013-07-16)
-------------------- --------------------
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
# All Rights Reserved. # All Rights Reserved.
# #
RCS_ID = '$Id$' RCS_ID = '$Id: http_server.py 121227 2011-04-03 16:39:36Z hannosch $'
# python modules # python modules
import os import os
...@@ -40,6 +40,16 @@ from urllib import unquote ...@@ -40,6 +40,16 @@ from urllib import unquote
# Request Object # Request Object
# =========================================================================== # ===========================================================================
# The trusted_proxies configuration setting contains a sequence
# of front-end proxies that are trusted to supply an accurate
# X_FORWARDED_FOR header. If a request comes from a trusted proxy
# and contains an X_FORWARDED_FOR header, the address provided by
# X_FORWARDED_FOR will be logged
# The ZConfig machinery may sets this attribute on initialization
# if any trusted-proxies
trusted_proxies = []
class http_request: class http_request:
# default reply code # default reply code
...@@ -270,6 +280,12 @@ class http_request: ...@@ -270,6 +280,12 @@ class http_request:
tz_for_log tz_for_log
def log (self, bytes): def log (self, bytes):
origin = self.channel.addr[0]
if origin in trusted_proxies and self.get_header('x-forwarded-for'):
forwarded = self.get_header('x-forwarded-for')
forwarded = forwarded.split(',')[-1].strip()
if forwarded:
origin = forwarded
user_agent=self.get_header('user-agent') user_agent=self.get_header('user-agent')
if not user_agent: user_agent='' if not user_agent: user_agent=''
referer=self.get_header('referer') referer=self.get_header('referer')
...@@ -288,7 +304,7 @@ class http_request: ...@@ -288,7 +304,7 @@ class http_request:
name = t[0] name = t[0]
self.channel.server.logger.log ( self.channel.server.logger.log (
self.channel.addr[0], origin,
'- %s [%s] "%s" %d %d "%s" "%s"\n' % ( '- %s [%s] "%s" %d %d "%s" "%s"\n' % (
name, name,
self.log_date_string (time.time()), self.log_date_string (time.time()),
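Review bot: In `log`, `forwarded.split(',')[-1]` always takes the right-most X-Forwarded-For entry, so when a request passes through more than one trusted proxy, Z2.log records the inner proxy's address rather than the client's. Walking the list from the right and taking the first entry that is not itself in `trusted_proxies` keeps the single-proxy result identical and handles chains. The header is also fetched twice; reading it once into `forwarded` is enough. The chosen value goes into the access log as-is, so it is only as reliable as the proxy's handling of the header. If a trusted proxy passes the header through without appending the peer address, the logged text is client-supplied, and it may be worth accepting only values that parse as an IP address. The body of `log` continues outside the hunks shown.

```python
origin = self.channel.addr[0]
forwarded = self.get_header('x-forwarded-for')
if forwarded and origin in trusted_proxies:
    # walk from the nearest hop outwards; the first address that is
    # not one of our own proxies is taken as the client
    for entry in reversed(forwarded.split(',')):
        entry = entry.strip()
        if entry and entry not in trusted_proxies:
            origin = entry
            break
# … unchanged: user_agent / referer lookup and the logger.log call …
```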
......
...@@ -173,11 +173,13 @@ def root_handler(config): ...@@ -173,11 +173,13 @@ def root_handler(config):
# set up trusted proxies # set up trusted proxies
if config.trusted_proxies: if config.trusted_proxies:
from ZPublisher import HTTPRequest from ZPublisher import HTTPRequest
from ZServer.medusa import http_server
# DM 2004-11-24: added host name mapping (such that examples in # DM 2004-11-24: added host name mapping (such that examples in
# conf file really have a chance to work # conf file really have a chance to work
mapped = [] mapped = []
for name in config.trusted_proxies: mapped.extend(_name2Ips(name)) for name in config.trusted_proxies: mapped.extend(_name2Ips(name))
HTTPRequest.trusted_proxies = tuple(mapped) HTTPRequest.trusted_proxies = tuple(mapped)
http_server.trusted_proxies = tuple(mapped)
# set the maximum number of ConflictError retries # set the maximum number of ConflictError retries
if config.max_conflict_retries: if config.max_conflict_retries:
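Review bot: The proxy allowlist now lives in two module globals, `HTTPRequest.trusted_proxies` and `http_server.trusted_proxies`, and nothing here records that they must stay identical. If one is later changed without the other, the address in Z2.log and the client address the publisher reports can disagree, which makes the access log harder to rely on during an investigation. Building the tuple once (`proxies = tuple(mapped)`) and assigning that same object to both, with a comment such as `# keep in sync: the access log and the publisher must trust the same proxies`, makes the coupling explicit. `root_handler` starts and ends outside this hunk.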
......