apache log 2 ip addresses one line

aaa.aaa.aaa.aaa, bbb.bbb.bbb.bbb

     
9:21 pm on Jul 28, 2005 (gmt 0)

10+ Year Member



While scanning an apache access log I came across a handful of lines that have 2 IP addresses on them.

The 2 addresses are the same for all entries, and are formatted like:

AAA.AAA.AAA.AAA, BBB.BBB.BBB.BBB

Any idea what this could mean?

3:45 pm on Aug 15, 2005 (gmt 0)



Anyone?

4:08 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



... it is hard to tell with so few details.
Do you log further variables beyond the COMMON default?
Do you even log additional private variables %{p1} with apache_note out of PHP scripts into the common log file?

The only thing that comes into my mind is: if you log the X-FORWARDED-FOR sent by some proxies, it may contain more than just one IP address.

Regards,
R.

4:19 pm on Aug 15, 2005 (gmt 0)

10+ Year Member



MrMacphisto

Can you paste a few complete lines from the raw log file and, more importantly, a copy of the CustomLogs and any other related (logformat, etc.) Apache directives?

The reason that the directives are useful is that they tell us what Apache has been directed to record in the log:


CustomLog /docs/logs/access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""

Larry

6:16 pm on Aug 16, 2005 (gmt 0)

10+ Year Member



Thanks for your responses. I've no experience with server admin, so my apologies.

A few common entries -

68.*.*.* - - [21/Jul/2005:16:19:34 -0700] "GET /some-file.html HTTP/1.0" 200 2118 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)"

212.*.*.* - - [21/Jul/2005:09:00:45 -0700] "GET /css.css HTTP/1.0" 200 2137 "/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

A sample double IP entry -

82.*.*.*, 62.*.*.* - - [02/Aug/2005:10:14:08 -0700] "GET /css.css HTTP/1.0" 200 2137 "referrer" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"

A sample triple entry -

10.*.*.*, 132.185.*.*, 132.185.*.* - - [04/Aug/2005:04:31:15 -0700] "GET / HTTP/1.0" 304 - "referrer" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

I don't have access to the httpd.conf because the site in question is on a shared host. (lesson learned)
From the support pages on the host it seems only the default variables are being logged.

I was leaning towards proxies as an explanation and X-FORWARDED-FOR (default variable?) would make sense. Thanks again for your input.
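Added example (not part of the original thread or any poster's code): a small Python parser for access-log lines whose host field holds a comma-separated address list, on the thread's assumption that the list comes from X-Forwarded-For. The sample lines are constructed with documentation address ranges, and the function and field names are hypothetical; because the header is written by the sender and by each proxy in between, the leftmost entry is only a claim and should not be used alone for blocking or rate limiting.

```python
import ipaddress
import re

# Host field of a combined-format line, allowing "a, b, c" as seen in the thread.
LINE_RE = re.compile(
    r'^(?P<hosts>[^\s,]+(?:,\s*[^\s,]+)*) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(token):
    """Label one host-field entry as 'public', 'private' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return "invalid"  # header values are free text; not every entry is an IP
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    return "public"


def analyze(line):
    """Split the host field into its address chain; None if the line does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    chain = [h.strip() for h in m.group("hosts").split(",")]
    return {
        "chain": chain,
        "labels": [classify(h) for h in chain],
        "claimed_client": chain[0],  # leftmost: sender-controlled, unverified
        "nearest_hop": chain[-1],    # rightmost: appended by the last proxy in the list
        "via_proxy": len(chain) > 1,
        "request": m.group("request"),
    }


# Constructed sample lines (documentation address ranges), shaped like the thread's.
SAMPLES = [
    '192.0.2.10 - - [21/Jul/2005:16:19:34 -0700] "GET /some-file.html HTTP/1.0" 200 2118 "-" "UA"',
    '203.0.113.7, 198.51.100.20 - - [02/Aug/2005:10:14:08 -0700] "GET /css.css HTTP/1.0" 200 2137 "-" "UA"',
    '10.1.2.3, 198.51.100.8, 198.51.100.9 - - [04/Aug/2005:04:31:15 -0700] "GET / HTTP/1.0" 304 - "-" "UA"',
    'unknown, 203.0.113.99 - - [04/Aug/2005:04:40:00 -0700] "GET / HTTP/1.0" 200 512 "-" "UA"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        r = analyze(line)
        print(r["chain"], r["labels"], "proxied" if r["via_proxy"] else "direct")
```

A private address at the left of the chain, as in the triple entry, is typically the client's internal address behind its own proxy, which is why it is not routable from the server.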
