CopyDisable

Monday, 15 August 2011

Netscaler Load Balancer - Forwarding client IP to the Apache Web Server

Normally the web server receives the load balancer’s IP address, not the actual client’s IP address. But for web log analysis we need the actual client’s IP address.

For example, on one of our websites we require the client’s IP address to analyse the web traffic.

Explanation of the diagram: The firewall receives the client’s requests and NATs the live IP of the website (suppose 220.226.205.251) to the Virtual IP (in our case 172.16.0.164) of the virtual server configured for this website on the load balancer. The load balancer then receives the requests and forwards them to the different services registered against the virtual server. While distributing the traffic internally, the load balancer uses its Mapped IP. In our case the load balancer has two IPs: 172.16.0.250, which is the Load Balancer IP, and 172.16.0.251, which is the Mapped IP. The load balancer uses 172.16.0.251 for distributing the traffic. The web servers therefore get the traffic from the Mapped IP, and in the web server’s access log we find only the Mapped IP of the load balancer.


To make the NetScaler load balancer insert the client IP address in a custom HTTP header, we have to run the following command from the command line interface of the load balancer for every service to which we want to send the client’s IP address:


For the website I have configured three servers. The three services configured for those servers are Oasis_5_80_services, FYJC4_80_service and FYJC5_80_service. Running the commands as shown in the above image enables the load balancer to insert the client’s IP address in the HTTP header for the three services. NS-Client-IP is the name of the header that is appended to the request. We may specify any name for the header.

Now, to make the web server log the client IP address present in the HTTP header, we have to follow these steps (these steps are for the Apache web server; for other web servers please see the web server manual):


1) Open the Apache configuration file and append the following lines to it:

LogFormat "%{NS-Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"\"%{User-Agent}i\"" ns-access

CustomLog "logs/access.log" ns-access

If these two lines already exist in the config file, we may change them appropriately. We can specify the name and the location of the access log as per our choice.


2) Now save the Apache config file and restart Apache.


3) Repeat the above two steps for all the web servers.


Now I can see the client’s IP address in the Apache web server’s log:
117.200.208.247 - - [25/May/2010:08:55:28 +0530] "GET / HTTP/1.1" 200 3698 "-""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727)"

117.200.163.11 - - [25/May/2010:08:55:40 +0530] "GET /favicon.ico HTTP/1.1" 404 988 "-""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)"

117.200.163.11 - - [25/May/2010:08:55:51 +0530] "GET / HTTP/1.1" 200 3698 "-""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)"

117.200.163.11 - - [25/May/2010:08:56:15 +0530] "GET /favicon.ico HTTP/1.1" 404 988 "-""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)"

115.118.110.214 - - [25/May/2010:08:56:18 +0530] "GET / HTTP/1.1" 200 3698 "-""Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"

117.200.163.11 - - [25/May/2010:08:56:50 +0530] "GET / HTTP/1.1" 200 3698 "-""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)"

117.204.144.255 - - [25/May/2010:08:56:53 +0530] "GET / HTTP/1.1" 200 3698 "-""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)"

117.199.53.114 - - [25/May/2010:08:57:05 +0530] "GET /favicon.ico HTTP/1.1" 404 988 "-""Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"

27.248.95.32 - - [25/May/2010:08:57:13 +0530] "GET / HTTP/1.1" 200 3698 "-""Nokia5233/12.1.092 (SymbianOS/9.4; U; Series60/5.0; Mozilla/5.0; Profile/MIDP-2.1 Configuration/CLDC-1.1) AppleWebKit/413 (KHTML,like Gecko) Safari/413"
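
An added example, not part of the original post: a Python check that parses lines in the ns-access layout configured above and flags entries whose first field is not a usable public client address before they are fed into traffic analysis. Apache logs `-` when a request arrives without the NS-Client-IP header, and any other value is only as reliable as the device that set the header. The sample lines are constructed and the function names are this example's own.

```python
import ipaddress
import re

# ns-access layout from the LogFormat above. Referer and User-Agent are
# written back to back, so the space between them is optional here.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
NS_ACCESS = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED +
    r' (\d{3}) (\d+|-) ' + QUOTED + r' ?' + QUOTED + r'$'
)
FIELDS = ("client", "ident", "user", "time", "request",
          "status", "size", "referer", "agent")

def classify_client(field):
    """Classify the value Apache logged for %{NS-Client-IP}i."""
    if field == "-":
        return "missing"      # Apache logs "-" when the header is absent
    try:
        ip = ipaddress.ip_address(field)
    except ValueError:
        return "malformed"    # not a single IP literal
    return "public" if ip.is_global else "non-public"

def parse_line(line):
    """Return the entry as a dict, or None if the line does not fit ns-access."""
    m = NS_ACCESS.match(line.rstrip("\n"))
    return dict(zip(FIELDS, m.groups())) if m else None

def audit(lines):
    """List (line_number, reason) for entries to keep out of client-IP statistics."""
    findings = []
    for n, line in enumerate(lines, 1):
        entry = parse_line(line)
        reason = "unparsed" if entry is None else classify_client(entry["client"])
        if reason != "public":
            findings.append((n, reason))
    return findings

# Constructed sample lines in the ns-access layout (not real log data).
TAIL = ' - - [25/May/2010:08:55:28 +0530] "GET / HTTP/1.1" 200 3698 "-""test-agent"'
SAMPLE = [
    "117.200.208.247" + TAIL,            # header carries a public client address
    "-" + TAIL,                          # header absent
    "172.16.0.251" + TAIL,               # internal address in the header
    "unknown" + TAIL,                    # header value is not an IP address
    "10.0.0.1, 117.200.163.11" + TAIL,   # extra tokens shift the columns
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries reported as `missing` mean the request reached Apache without the header, which is worth reconciling against the services that have client-IP insertion enabled.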



Glory to Mother Assam,
Pranab Sharma