Logs?

Open laurentftech opened this issue 3 years ago • 8 comments

Hi. I am testing your module. It seems to work but I do not see any logs in the Caddy logs. Is it normal? Is there a way to see the actions actually performed by the module? Thank you. Laurent

laurentftech • Apr 28 '22 18:04

I'm not sure what kinds of logs you're expecting to see.

What's your config? What do you see in your logs?

francislavoie • Apr 28 '22 18:04

My realip config is

```
realip {
    header "X-Forwarded-For"
    from cloudflare
    from 10.0.0.0/8
    maxhops 5
    strict true
}
```

I've modified it for testing with:

```
realip {
    header "X-Forwarded-For"
    #from cloudflare
    from 10.0.0.0/8
    maxhops 5
    strict true
}
```

and I cannot reach my web service from Cloudflare, but I can from my local network, which is fine. When I look at my Caddy logs I have no trace that a connection has been rejected. It would be interesting to check that there are no attack attempts. Does it make sense?

Here are my logs:

```
{"level":"info","ts":1651171517.293661,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["myserver.fr","acme.roadrunner"]}
{"level":"info","ts":1651171517.3564906,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"warn","ts":1651171517.6778858,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [acme.roadrunner]: no OCSP server specified in certificate","identifiers":["acme.roadrunner"]}
{"level":"info","ts":1651171517.7051857,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1651171517.7059333,"msg":"serving initial configuration"}
{"level":"info","ts":1651171517.7805393,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"warn","ts":1651171521.458605,"logger":"dynamic_dns.ip_sources.simple_http","msg":"IPv6 lookup failed","endpoint":"https://api64.ipify.org","error":"Get \"https://api64.ipify.org\": dial tcp6: lookup api64.ipify.org on 127.0.0.11:53: no such host"}
```

laurentftech • Apr 28 '22 18:04

Is that your entire config?

I don't think you've actually enabled access logging.

You need to use https://caddyserver.com/docs/caddyfile/directives/log

Also, turn on the debug global option to get the most detailed logs.

francislavoie • Apr 28 '22 18:04

Alright I see them with debug.
It seems to me it should be more than debug logs though, since there could be real attacks. May I suggest considering an option to log in regular logs?

laurentftech • Apr 28 '22 20:04

What logs? I'm not clear on what you're talking about. Please be specific.

francislavoie • Apr 28 '22 21:04

Sorry. I would like to get a record of the access attempts refused by the realip module with "strict" (IP not matching the conditions). Just a record in the regular log (access log?) would be good enough.

laurentftech • Apr 28 '22 21:04

Ah okay. Yeah, right now it just triggers a 403 error (which you can handle with handle_errors if you want).

https://github.com/kirsch33/realip/blob/3eaa4a63330b8d23d153e555da8797865ae1b22e/module.go#L227

But like I said, enable the log inside your site, you'll see these at ERROR level.

francislavoie • Apr 28 '22 21:04

Ok thanks for your guidance. So log ERROR should do the trick. Thanks.

laurentftech • Apr 29 '22 06:04
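Once access logging is enabled as suggested in the thread, the refused requests can be pulled out of the JSON log and counted per client. The script below is an added example, not code from the realip project or from either participant. It assumes Caddy's JSON access-log fields `status`, `request.remote_ip` (or `request.remote_addr` in older releases), `request.host` and `request.uri`; the sample lines are constructed, and a 403 from any other handler on the site would be counted too.

```python
import json
from collections import Counter

# Constructed sample log (not from the thread): three refused requests,
# one allowed request, one non-access line and one truncated line.
SAMPLE_LOG = """\
{"level":"error","ts":1651171600.1,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"203.0.113.7","remote_port":"51234","method":"GET","host":"example.test","uri":"/admin"},"status":403}
{"level":"info","ts":1651171601.4,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"10.0.0.12","remote_port":"40110","method":"GET","host":"example.test","uri":"/"},"status":200}
{"level":"error","ts":1651171602.9,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"198.51.100.9:40000","method":"POST","host":"example.test","uri":"/login"},"status":403}
{"level":"info","ts":1651171603.0,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"error","ts":1651171604.2,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"203.0.113.7","remote_port":"51240","method":"GET","host":"example.test","uri":"/"},"status":403}
{"level":"error","ts":1651171605.0,"logger":"http.log.acc
"""

def client_ip(request):
    """Return the peer IP from either the newer or the older field (assumed names)."""
    ip = request.get("remote_ip")
    if ip:
        return ip
    addr = request.get("remote_addr", "")
    host, sep, _port = addr.rpartition(":")      # also handles "[v6]:port"
    return (host if sep else addr).strip("[]") or "unknown"

def refused_requests(lines, status=403):
    """Yield one record per access-log entry that ended with `status`."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue                               # blank, truncated or non-JSON line
        if not isinstance(entry, dict) or "request" not in entry:
            continue                               # not an access-log entry
        if entry.get("status") != status:
            continue
        req = entry["request"]
        yield {"ts": entry.get("ts"), "ip": client_ip(req),
               "host": req.get("host"), "uri": req.get("uri")}

def refusals_by_ip(lines):
    """Count refused requests per client IP."""
    return Counter(r["ip"] for r in refused_requests(lines))

if __name__ == "__main__":
    for ip, n in refusals_by_ip(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:4d}  {ip}")
```
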