Logging¶
SWS provides logging support by just specifying a log level in lower case. The values allowed are error, warn, info, debug and trace. The default value is error.
This feature is enabled by default and can be controlled by the string -g, --log-level option or the equivalent SERVER_LOG_LEVEL env.
Below is an example of how to adjust the log level.
static-web-server \
--port 8787 \
--root ./my-public-dir \
--log-level "trace"
Log Remote Addresses¶
SWS provides Remote Address (IP) logging for every request via an INFO log level.
This feature is disabled by default and can be enabled by the boolean --log-remote-address option or the equivalent SERVER_LOG_REMOTE_ADDRESS env.
If the feature is enabled then log entries for requests will contain a remote_addr section with the remote address (IP) value. Otherwise, it will be empty.
Log entry example:
2022-05-23T22:24:50.519540Z INFO static_web_server::handler: incoming request: method=GET uri=/ remote_addr=192.168.1.126:57625
Below is an example of how to enable Remote Address (IP) logging. Note the last two entries.
static-web-server -a "0.0.0.0" -p 8080 -d docker/public/ -g info --log-remote-address=true
# 2022-05-23T22:24:44.523057Z INFO static_web_server::logger: logging level: info
# 2022-05-23T22:24:44.523856Z INFO static_web_server::server: server bound to TCP socket 0.0.0.0:8080
# 2022-05-23T22:24:44.523962Z INFO static_web_server::server: runtime worker threads: 4
# 2022-05-23T22:24:44.523989Z INFO static_web_server::server: security headers: enabled=false
# 2022-05-23T22:24:44.524006Z INFO static_web_server::server: auto compression: enabled=true
# 2022-05-23T22:24:44.524061Z INFO static_web_server::server: directory listing: enabled=false
# 2022-05-23T22:24:44.524097Z INFO static_web_server::server: directory listing order code: 6
# 2022-05-23T22:24:44.524133Z INFO static_web_server::server: cache control headers: enabled=true
# 2022-05-23T22:24:44.524191Z INFO static_web_server::server: basic authentication: enabled=false
# 2022-05-23T22:24:44.524210Z INFO static_web_server::server: grace period before graceful shutdown: 0s
# 2022-05-23T22:24:44.524527Z INFO Server::start_server{addr_str="0.0.0.0:8080" threads=4}: static_web_server::server: close time.busy=0.00ns time.idle=10.6µs
# 2022-05-23T22:24:44.524585Z INFO static_web_server::server: listening on http://0.0.0.0:8080
# 2022-05-23T22:24:44.524614Z INFO static_web_server::server: press ctrl+c to shut down the server
# 2022-05-23T22:24:50.519540Z INFO static_web_server::handler: incoming request: method=GET uri=/ remote_addr=192.168.1.126:57625
# 2022-05-23T22:25:26.516841Z INFO static_web_server::handler: incoming request: method=GET uri=/favicon.ico remote_addr=192.168.1.126:57625
Log Real Remote IP¶
When used behind reverse proxy, reported remote_addr indicate proxy internal IP address and port, and not client real remote IP. Proxy server can be configured to provide X-Forwarded-For header, containing comma-separated list of IP addresses, starting with client real remote IP, and all following intermediate proxies (if any).
When Remote Address (IP) logging is enabled, and X-Forwarded-For header is present and correctly formatted, then log entries for requests will contain a real_remote_ip section with IP of remote client, as reported by this header.
We can simulate request as from behind reverse proxy with additional intermediate-proxy with following command:
curl --header "X-Forwarded-For: 203.0.113.195, 2001:db8:85a3:8d3:1319:8a2e:370:7348" http://0.0.0.0:8080
Log entry for such case will look like:
2022-05-23T22:24:50.519540Z INFO static_web_server::handler: incoming request: method=GET uri=/ remote_addr=192.168.1.126:57625 real_remote_ip=203.0.113.195
SWS will parse X-Forwarded-For header, and if format of provided IP is invalid - it will be ignored to prevent log poisoning attacks. In such case real_remote_ip section will not be added.
Example from above, but with invalid header:
curl --header "X-Forwarded-For: <iframe src=//malware.attack>" http://0.0.0.0:8080
2022-05-23T22:24:50.519540Z INFO static_web_server::handler: incoming request: method=GET uri=/ remote_addr=192.168.1.126:57625
Be aware, that contents of X-Forwarded-For header can be augumented by all proxies in the chain, and as such - remote IP address reported by it may not be trusted.