Tuesday, July 14, 2009

Akamai IP in the access logs of webserver or appserver

If your website is served through Akamai, either by Edge Content Delivery or Dynamic Site Accelerator, your webserver or appserver access logs will always show the IP of the Akamai edge server instead of the actual client IP. The exception is when the client uses the origin server's domain address to reach the server, which usually happens when you are testing the server for problems and want to isolate Akamai.

During an outage you will want to know whose IP is logged, where it came from and how many requests it made during that time. Unfortunately, like many other ISPs, Akamai doesn't provide reverse lookup for its servers, so you cannot easily separate Akamai IPs from the others.

Here is a little trick you can use to find out whether a particular IP belongs to an Akamai server. Take the IP address from the logs and make a request to it from your browser, for example http://77.67.85.65/. Since Akamai servers listen on port 80, you will usually get a 400 Bad Request HTTP response with an "Invalid URL" message. If you inspect the headers with the Live HTTP Headers Firefox plugin, you will notice that the "Server:" header has the value AkamaiGHost, as shown below, which confirms that the IP belongs to an Akamai server.

Note: Akamai also gives us the ability to get the client IP address in a custom header called True-Client-IP. With custom logging enabled you should be able to print the real client IP in the access log as well.

Invalid URL

The requested URL "/", is invalid.

Reference #9.3d55434d.1248071422.0


---------------------------------------------------------------------------------------------
http://77.67.85.65/

GET / HTTP/1.1
Host: 77.67.85.65
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no

HTTP/1.x 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 187
Expires: Mon, 20 Jul 2009 06:17:42 GMT
Date: Mon, 20 Jul 2009 06:17:42 GMT
Connection: close
----------------------------------------------------------
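The check and the True-Client-IP logging described above can be combined when reading logs during an outage. The following is an added example, not code from the original post: it assumes an Apache-style log format with the True-Client-IP header appended as the last quoted field, uses constructed sample lines, and the names `probe` and `tally` are hypothetical. Because any client that reaches the origin directly can send its own True-Client-IP header, the header is counted only when the connecting IP has been confirmed as an Akamai edge.

```python
import http.client
import re
from collections import Counter

# Assumed Apache format (not from the post):
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{True-Client-IP}i\""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)"$')

# Constructed sample lines using documentation-range addresses.
SAMPLE = [
    '192.0.2.10 - - [20/Jul/2009:06:17:40 +0000] "GET / HTTP/1.1" 200 512 "203.0.113.5"',
    '192.0.2.10 - - [20/Jul/2009:06:17:41 +0000] "GET /a HTTP/1.1" 200 90 "203.0.113.5"',
    '192.0.2.11 - - [20/Jul/2009:06:17:42 +0000] "GET / HTTP/1.1" 200 512 "203.0.113.9"',
    '198.51.100.7 - - [20/Jul/2009:06:17:43 +0000] "GET / HTTP/1.1" 200 512 "-"',
    '198.51.100.8 - - [20/Jul/2009:06:17:44 +0000] "GET / HTTP/1.1" 200 512 "203.0.113.5"',
]

def is_akamai_server(header_value):
    """True when a Server header value is AkamaiGHost, as in the capture."""
    return header_value is not None and header_value.strip().lower() == "akamaighost"

def probe(ip, timeout=5):
    """Repeat the browser check: GET / on port 80 and inspect Server."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": ip})
        return is_akamai_server(conn.getresponse().getheader("Server"))
    finally:
        conn.close()

def tally(lines, edge_ips):
    """Count requests per connecting IP and per effective client IP.

    True-Client-IP is used only when the connecting IP is a confirmed edge;
    otherwise the header came from an arbitrary client and is ignored.
    """
    peers, clients = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        peer, tcip = m.groups()
        peers[peer] += 1
        trusted = peer in edge_ips and tcip not in ("", "-")
        clients[tcip if trusted else peer] += 1
    return peers, clients
```

Build `edge_ips` by running `probe` once per distinct connecting IP in the log, then pass the confirmed set to `tally`.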
