User Tools

Site Tools


Seperate access logs for CDN servers and end users in Apache httpd


CloudFlare, just like Akamai, is a CDN provider. CloudFlare also offers free accounts. To be able to tell apart which requests came from the CDN and which from end users, one might adapt his Apache httpd logging settings to match below. This might come in handy when you'll have to identify this one single POST request sending over diffamatory speech, or so…

The way this will be accomplished is creating a second log file in which the client IP is replaced with the X-Forwarded-For header's content. The default Apache httpd combined log format will log the CloudFlare server hits. This also should be possible to achieve with other web servers like for example NGINX or LigHTTPD.

Apache config changes

# this sets a log format where the client IP is substituted by the end users IP, called 'enduser'
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" enduser
# use the custom log format
CustomLog "/srv/www/" enduser
# per default, apache logs the client IP anyways, which is the CDN caching server IP
CustomLog /srv/www/ combined

Document sources

cdn_apache_logging.txt · Last modified: 2016/05/30 10:14 by flo