Comments (4)
Hey, thanks for letting me know! Do you mind sharing a few lines from your access log so I can check out the latest changes?
from goaccess.
Direct access without loadbalancer / proxy:
{"level":"info","ts":1703415994.3220897,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"X.X.X.X","remote_port":"49570","client_ip":"X.X.X.X","proto":"HTTP/1.1","method":"GET","host":"Y.Y,Y,Y:8080","uri":"/index.php","headers":{"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7,fr;q=0.6,es;q=0.5,it;q=0.4,ar;q=0.3,zh-CN;q=0.2,zh;q=0.1,da;q=0.1,sv;q=0.1,nl;q=0.1,fi;q=0.1,de;q=0.1,el;q=0.1,id;q=0.1,he;q=0.1,ja;q=0.1,ms;q=0.1,ru;q=0.1,pt;q=0.1"],"Connection":["keep-alive"],"Dnt":["1"]}},"bytes_read":0,"user_id":"","duration":0.000010499,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
client_ip = remote_ip = my public IP
Using loadbalancer / proxy:
{"level":"info","ts":1703416013.6445792,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"172.71.190.23","remote_port":"48104","client_ip":"X.X.X.X","proto":"HTTP/2.0","method":"GET","host":"xxx","uri":"/abc","headers":{"X-Forwarded-Proto":["https"],"Sec-Ch-Ua":["\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\""],"Dnt":["1"],"Referer":["https://xxx/"],"Cookie":[],"Cf-Connecting-Ip":["X.X.X.X"],"Cdn-Loop":["cloudflare"],"If-Modified-Since":["Wed, 18 Jan 2023 11:16:33 GMT"],"If-None-Match":["\"roohzl6az\""],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept":["*/*"],"Accept-Language":["pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7,fr;q=0.6,es;q=0.5,it;q=0.4,ar;q=0.3,zh-CN;q=0.2,zh;q=0.1,da;q=0.1,sv;q=0.1,nl;q=0.1,fi;q=0.1,de;q=0.1,el;q=0.1,id;q=0.1,he;q=0.1,ja;q=0.1,ms;q=0.1,ru;q=0.1,pt;q=0.1"],"Cf-Ipcountry":["PL"],"X-Forwarded-For":["X.X.X.X"],"Cf-Ray":["83a860a2bba70008-IAD"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["same-origin"],"Accept-Encoding":["gzip"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["script"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"xxx"}},"bytes_read":0,"user_id":"","duration":0.000209214,"size":0,"status":304,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Access-Control-Allow-Origin":["*"],"Etag":["\"roohzl6az\""]}}
remote_ip=172.71.190.23 is cloudflare IP here, while client_ip=X.X.X.X is my own public IP.
from goaccess.
I've edited my goaccess.conf file, usually found in /etc/goaccess/goaccess.conf
time-format %s
date-format %s
...
# CADDY JSON Structured
-#log-format {"ts":"%x.%^","request":{"remote_ip":"%h","proto":"%H","method":"%m","host":"%v","uri":"%U","headers":{"User-Agent":["%u","%^"]},"tls":{"cipher_suite":"%k","proto": "%K"}},"duration": "%T","size": "%b","status": "%s","resp_headers":{"Content-Type":["%M;%^"]}}
+log-format {"ts":"%x.%^","request":{"client_ip":"%h","proto":"%H","method":"%m","host":"%v","uri":"%U","headers":{"User-Agent":["%u"],"Referer":["%R"]},"tls":{"cipher_suite":"%k","proto": "%K"}},"duration": "%T","size": "%b","status": "%s","resp_headers":{"Content-Type":["%M"]}}
Take note that more had to be changed than just remote_ip
to client_ip
, it seems like the Caddy JSON preset found here handles the headers differently than the comment in the config file.
Then I can happily view my logs with visitor IPs logged from my trusted proxy's headers.
goaccess /var/log/caddy/access.log -o /var/www/html/goaccess/report.html --real-time-html
The default config file's comment for Caddy JSON should probably be updated to handle headers the same way as the preset -- and then it would be trivial for someone to uncomment it and swap client_ip
if they were using a trusted proxy.
from goaccess.
Fixed on #2629
from goaccess.
Related Issues (20)
- remove a visitor/IP address from persistent database HOT 3
- Crashed by Sig 11 HOT 4
- Wrong stat HOT 2
- Haproxy log format help HOT 8
- Segmentation fault when using multithreading option (Apple M1 Max) HOT 5
- log format errors HOT 2
- Geolocatin Sorting HOT 3
- Discrepancy in "UNIQUE VISITORS PER DAY" Statistics HOT 1
- Help with log file format HOT 2
- "Static Requests" panel empty in 1.8.1 HOT 2
- Error appear when installing v1.9 HOT 4
- Display Ip Address colunm on all tables HOT 1
- After update to 1.9 if one logfile is empty, report is not generated HOT 3
- Install error CentOS 7 HOT 2
- Format Errors since GoAccess 1.9 HOT 2
- Format Errors with Caddy JSON HOT 12
- Error in Custom Log Format with TZ HOT 1
- TLS settings does not parse HOT 10
- Real-time parsing works as not intended v.1.9.1 HOT 14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from goaccess.