BigIP LTM and Apache - Capturing Client IP in access log

Tracking end client IP in web server logs

-----------------------------------------

1) In BigIP, navigate to Local Traffic >> HTTP Profiles >> http

Enable "Insert XForwarded For" option

Update to save the configuration.

http profile is just an example. You should set this option for whatever profile the pool is using.

2) In Apache (or IBM HTTP Server) httpd.conf

LogFormat "\"%{X-Forwarded-For}i\" %h %v %l %u %t \"%r\" %>s %b" mycustom

CustomLog "/opt/IBM/HTTPServer/bin/rotatelogs /var/logs/test-443-access.log.%Y-%m-%d 86400"mycustom

The output access logfile should contain client IP

Decode BigIP cookie to identify pool member

How to decode BigIP LTM cookie to identify which pool member (web server IP) the request is routed to?
---------------------------------------------------------------------

HTTP headers in a transaction will have the BIGIP cookie information as below.

Cookie: BIGipServer{pool-name}-80=404007104.20480.0000

404007104 is the encoded IP address of a pool member
20480 is the encoded port number

IP address encoding
------------------

If the IP address is of format a.b.c.d, it is encoded as
d*256^3 + c*256^2 + b*256 +a

For example, IP address 192.168.20.24 is encoded as
24*256^3+20*256^2+168*256+192 = 404007104

Port encoding

----------

The port is encoded by taking the two bytes that store the port and reversing them

Port 80 is encoded as 80 * 256 + 0 = 20480
Port 443 is encoded as 443 * 256 + 0 = 113408

Patterns

http://java.sun.com/developer/technicalArticles/J2EE/patterns/PatternTemplate.html

Rotate IBM HTTP Server / Plugin logs

The script has been tested on Solaris environment

rotate_http_logs.sh
-----------------------------
#!/usr/bin/bash -x

# Define variables. These variables can also be defined in .profile and the profile can be sourced
HOST=servernamegoeshere
IHS_ROOT=/opt/IBM/HTTPServer
IHS_BIN=$IHS_ROOT/bin
IHS_CONF=$IHS_ROOT/conf
IHS_LOGS=$IHS_ROOT/logs
PLUGIN_ROOT=$IHS_ROOT/Plugins
PLUGIN_CONF=$PLUGIN_ROOT/config
PLUGIN_LOGS=$PLUGIN_ROOT/logs

# Rotate IBM HTTP Plugin Log
cd $PLUGIN_LOGS/$HOST
SOURCE_FILE=http_plugin.log
TARGET_FILE=http_plugin.log.`date +%Y-%m-%d`
cp $SOURCE_FILE $TARGET_FILE
touch $SOURCE_FILE

# Rotate IBM HTTP Access Log
cd $IHS_LOGS
SOURCE_FILE=error_log
TARGET_FILE=error_log.`date +%Y-%m-%d`
sudo touch $SOURCE_FILE

# Rotate IBM HTTP Error Log
SOURCE_FILE=access_log
TARGET_FILE=access_log.`date +%Y-%m-%d`
sudo touch $SOURCE_FILE

#sudo is used for web servers if the service is run as non root

Create a cron job
-------------------------
0 23 * * * /var/adm/scripts/rotate_http_logs.sh

Setup Apache Name based hosting

NameVirtualHost *

<VirtualHost *>
DocumentRoot /opt/content/domain1/
ServerName http://www.domain1.com/
ErrorLog logs/domain1-error-log
CustomLog logs/domain1-access-log common
</VirtualHost >

<VirtualHost *>
DocumentRoot /opt/content/domain2/
ServerName http://www.domain2.com/
ErrorLog logs/domain2-error-log
CustomLog logs/domain2-access-log common
</VirtualHost >

Apache version of IBM HTTP server

To find the apache version of IBM HTTP Server,
/opt/IBM/HTTPServer/bin/apachectl -v

WebSphere and Oracle 10g Data Source

Problem:
WebSphere 6.1 - Solaris 9 - java.sql.SQLException: java.lang.UnsatisfiedLinkError: no ocijdbc9 in java.library.path

Solution:
It appears that there might be ojdbc jars from Oracle 9i reference somewhere inside the WebSphere classloader path. Update the jar references to Oracle 10g jdbc lib JARs.

Problem:
WebSphere 6.1 - Solaris 9 - java.sql.SQLException: java.lang.UnsatisfiedLinkError: no ocijdbc10 in java.library.path

Solution:
Update .profile for the account that runs WebSphere with the following.
LD_LIBRARY_PATH=$ORACLE_HOME/lib32
export $LD_LIBRARY_PATH
Exit the SSH session, relogin to Unix system and restart the WebSphere process

For 64 bit systems, LD_LIBRARY_PATH=$ORACLE_HOME/lib instead of lib32.

Welcome

Welcome to Technology Wavering!