Nginx
Vincent1, 2022-03-07 18:24:20

Why can't Apache with mod_remoteip detect some IPs correctly?

Apache is running nginx on the server. The mod_remoteip module works in Apache. Usually in Apache logging settings I have the following config:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

Now I'm being bullied. I ban IPs that I take from %{X-Forwarded-For}i. But this does not always help. I see that there is a rule in iptables, but requests still come from the banned IP.
I changed the config to:
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

And another problem has been added. There are a bunch of requests like this:
95.216.144.51 - - [07/Mar/2022:18:13:43 +0300] "-" 408 0 "-" "-"
95.216.144.51 - - [07/Mar/2022:18:13:43 +0300] "-" 408 0 "-" "-"
95.216.144.51 - - [07/Mar/2022:18:13:43 +0300] "-" 408 0 "-" "-"
95.216.144.51 - - [07/Mar/2022:18:13:44 +0300] "-" 408 0 "-" "-"
95.216.144.51 - - [07/Mar/2022:18:13:44 +0300] "-" 408 0 "-" "-"
95.216.144.51 - - [07/Mar/2022:18:13:44 +0300] "-" 408 0 "-" "-"

95.216.144.51 is the IP of my server.

nginx for host
server {
    listen      95.216.144.51:80;
    server_name vincent1.ru www.vincent1.ru;
    error_log  /var/log/apache2/domains/vincent1.ru.error.log error;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass      http://95.216.144.51:8080;
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
            root           /home/vincent1/web/vincent1.ru/public_html;
            access_log     /var/log/apache2/domains/vincent1.ru.log combined;
            access_log     /var/log/apache2/domains/vincent1.ru.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/vincent1/web/vincent1.ru/document_errors/;
    }

    location @fallback {
        proxy_pass      http://95.216.144.51:8080;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include /home/vincent1/conf/web/nginx.vincent1.ru.conf*;
}


If I look at netstat -antu, I see thousands of connections to my server on port 80 from one IP, but this IP is not found anywhere in the Apache logs. Why?
tcp        0      0 95.216.144.51:80        137.184.238.68:57500    FIN_WAIT2
tcp        0      0 95.216.144.51:80        143.110.229.58:42830    FIN_WAIT2
tcp        0      0 95.216.144.51:80        141.101.77.138:56758    TIME_WAIT
tcp        0      0 95.216.144.51:80        137.184.238.68:40584    FIN_WAIT2
tcp        0      0 95.216.144.51:80        137.184.238.68:38354    FIN_WAIT2
tcp        0      0 95.216.144.51:80        137.184.238.68:42348    FIN_WAIT2
tcp        0      0 95.216.144.51:80        137.184.238.68:33604    FIN_WAIT2
tcp        0      0 95.216.144.51:80        137.184.238.68:33094    FIN_WAIT2

How do I configure everything so that I can see the IPs of all the villains in my Apache logs?


2 answer(s)
dodo512, 2022-03-07
@dodo512

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass      http://95.216.144.51:8080;

There is X-Forwarded-For, but there is nothing in location @fallback.
location @fallback {
    proxy_pass      http://95.216.144.51:8080;
}
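
A simplified model of the point made in this answer, added here as an example and not code from the thread or from mod_remoteip: the backend resolves the client address right to left through a trusted-proxy list, so a request proxied from `location /` yields the visitor's address, while one from `@fallback`, which carries no X-Forwarded-For, yields nginx's own address. The trusted-proxy list, the function names and the 203.0.113.7 sample are assumptions; the other addresses are the ones posted above.

```python
import ipaddress

# Assumption: the only proxy the backend trusts is the local nginx (address from the post).
TRUSTED_PROXIES = [ipaddress.ip_network("95.216.144.51/32")]

def is_trusted(ip):
    """True when ip parses and falls inside a trusted proxy network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)

def resolve_client_ip(peer_ip, xff_header):
    """Address to log and ban for one backend request (simplified model).

    peer_ip is the TCP peer the backend sees; xff_header is the raw
    X-Forwarded-For value, or None when the header is absent.
    """
    if not is_trusted(peer_ip) or not xff_header:
        # Untrusted peer, or a proxied request without the header (the
        # @fallback case): the peer address is all the backend knows.
        return peer_ip
    client = peer_ip
    # Walk right to left: the rightmost entry was appended by the trusted
    # proxy; entries further left arrived with the request and are unverified.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that parsed
        client = hop
        if not is_trusted(hop):
            break  # first untrusted address is the client
    return client

def leftmost(xff_header):
    """First X-Forwarded-For entry, i.e. what a log of the raw header starts with."""
    return xff_header.split(",")[0].strip()

# Constructed sample requests: (description, TCP peer, X-Forwarded-For).
SAMPLES = [
    ("location / (header set)", "95.216.144.51", "137.184.238.68"),
    ("@fallback (no header)", "95.216.144.51", None),
    ("request arrived with its own header", "95.216.144.51", "203.0.113.7, 137.184.238.68"),
]

if __name__ == "__main__":
    for name, peer, xff in SAMPLES:
        print(f"{name:38} -> {resolve_client_ip(peer, xff)}")
```

In the third sample the raw header starts with 203.0.113.7, a value that arrived with the request, while right-to-left resolution returns the address nginx itself recorded.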

Alexander Karabanov, 2022-03-07
@karabanov

Add set_real_ip_from to the server section
