In trying to adjust the method of logging in Apache, it was found logical to have the configuration perform an AND on two variables to validate one format vs another. I had not found much detail on this, until making my way to: http://stephane.lesimple.fr/blog/2010-01-28/apache-logical-or-and-conditions-with-setenvif.html. From the page archived, I had the following:
CustomLog /var/log/apache2/loopback_posts.log combined env=posting_myself SetEnvIf Remote_Addr "^" loopback_ip=0 SetEnvIf Remote_Addr "^127\.0\.0\.1$" loopback_ip=1 SetEnvIf Request_Method "POST" posting_myself SetEnvIf loopback_ip 0 !posting_myself
In my example, it was not able to work as shown above, but not of by much. We quoted the last 0 in the lines we had written, giving us the following example:
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded SetEnvIf Remote_Addr "^" LB_ip=0 SetEnvIf Remote_Addr "10\.11\.0\.254" LB_ip=1 SetEnvIf LB_ip "0" !forwarded CustomLog logs/access_log proxy env=forwarded CustomLog logs/access_log combined env=!forwarded
When tested, requests coming from the LB IP are listed as trusted, and only trusted requests are adjusted and trusted as having been forwarded. Other requests, we can assume (based on topology) with x-forwarded-for header are identified as falsified.