Apache server behind PIX logs all incoming IPs as

My Apache server behind a PIX 501 logs all incoming IPs (access.log/error.log) as; is this a result of using the PIX (i.e. not having the webserver in a DMZ), or should I be blaming Apache?

My PIX config is:

    PIX Version 6.3(5)
    access-list outside_in permit icmp any interface outside echo-reply
    access-list outside_in permit tcp any interface outside eq 3390
    access-list outside_in permit tcp any interface outside eq ftp
    access-list outside_in permit tcp any interface outside eq www
    mtu outside 1500
    mtu inside 1500
    ip address outside 64.xxx.xxx.218
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0 0
    static (inside,outside) tcp interface 3390 3390 netmask 0 0
    static (inside,outside) tcp interface ftp ftp netmask 0 0
    static (inside,outside) tcp interface www 81 netmask 0 0
    access-group outside_in in interface outside
    conduit permit icmp any any
    route outside 64.xxx.xxx.217 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable

No matter what you do with the PIX, if a packet manages to reach the server at all, the packet is going to have -some- non-zero IP address. (Okay, I admit I haven't -tried- doing a static map to but I'd be surprised if it was allowed.) So Apache should be logging -something- non-zero for the IP.

How new is your Apache? Historically, there was a problem on some operating systems with being logged, especially by Apache. Unfortunately I no longer recall the exact cause.

I see a recent report about Apache for Windows having this behaviour:

That's not actually the incident I was thinking of; the one I was thinking of was a number of years ago, possibly on SGI IRIX or Sun Solaris.

Walter Roberson
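
A quick check of what the client field in access.log actually contains, following the reply's reasoning that any packet the PIX forwards must carry some non-zero source address. This is an added example, not code from the thread: the log lines are constructed, and the function and verdict names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache common log format (not from the thread).
SAMPLE_ZERO = [
    '0.0.0.0 - - [10/Oct/2006:13:55:36 -0700] "GET / HTTP/1.1" 200 2326',
    '0.0.0.0 - - [10/Oct/2006:13:56:01 -0700] "GET /a.png HTTP/1.1" 200 512',
]
SAMPLE_NAT = [
    '192.168.1.1 - - [10/Oct/2006:13:55:36 -0700] "GET / HTTP/1.1" 200 2326',
    '192.168.1.1 - - [10/Oct/2006:13:56:01 -0700] "GET /a.png HTTP/1.1" 200 512',
]
SAMPLE_OK = [
    '198.51.100.7 - - [10/Oct/2006:13:55:36 -0700] "GET / HTTP/1.1" 200 2326',
    '203.0.113.9 - - [10/Oct/2006:13:56:01 -0700] "GET /a.png HTTP/1.1" 200 512',
]

CLIENT = re.compile(r"^(\S+)\s")  # first field of each entry is the client


def classify(lines):
    """Return (verdict, Counter of client fields) for access-log lines."""
    clients = Counter()
    for line in lines:
        m = CLIENT.match(line)
        if m:
            clients[m.group(1)] += 1
    if not clients:
        return "no-entries", clients
    addrs = []
    for field in clients:
        try:
            addrs.append(ipaddress.ip_address(field))
        except ValueError:
            # A hostname (HostnameLookups On) or junk, not an address.
            return "non-address-client-field", clients
    if all(a.is_unspecified for a in addrs):
        # No forwarded packet has an all-zero source, so the value was
        # produced on the web server / OS side, not by the firewall.
        return "unspecified-address-logged", clients
    if len(addrs) == 1 and addrs[0].is_private:
        # Every request from one non-global address: something upstream
        # (source NAT or a proxy) is rewriting the client address.
        return "single-private-source", clients
    return "distinct-sources", clients
```

Run `classify(open("access.log"))` on the real file; only the "single-private-source" verdict points at the device in front of the server.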
