Access log variables for OpenResty Edge
HTTP Variables
args
: arguments in the request line.realip_remote_addr
: keeps the original client address.realip_remote_port
: keeps the original client port.binary_remote_addr
: client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses.body_bytes_sent
: number of bytes sent to a client, not counting the response header.bytes_sent
: number of bytes sent to a client.total_bytes
: The sum of the bytes of the request body and the response body.connection
: connection serial number.connection_requests
: current number of requests made through a connection.connections_active
: The current number of active client connections includingWaiting
connections.connections_reading
: The current number of connections where OpenResty Edge is reading the request header.connections_waiting
: The current number of idle client connections waiting for a request.connections_writing
: The current number of connections where OpenResty Edge is writing the response back to the client.content_length
:Content-Length
request header field.content_type
:Content-Type
request header field.date_gmt
: current time in GMT.date_local
: current time in the local time zone.document_uri
: same as$uri
.gzip_ratio
: achieved compression ratio, computed as the ratio between the original and compressed response sizes.host
: in this order of precedence: host name from the request line, or host name from theHost
request header field.hostname
: host name.http2
: negotiated protocol identifier:h2
for HTTP/2 over TLS,h2c
for HTTP/2 over cleartext TCP, or an empty string otherwise.https
:on
if connection operates in SSL mode, or an empty string otherwise.invalid_referer
: Empty string, if theReferer
request header field value is considered valid, otherwise1
.is_args
:?
if a request line has arguments, or an empty string otherwise.msec
: current time in seconds with the milliseconds resolution.pid
: PID of the worker process.pipe
:p
if request was pipelined,.
otherwise.proxy_add_x_forwarded_for
: theX-Forwarded-For
client request header field with the$remote_addr
variable appended to it, separated by a comma. If theX-Forwarded-For
field is not present in the client request header, the$proxy_add_x_forwarded_for
variable is equal to the$remote_addr
variable.proxy_host
: name and port of a proxied server.proxy_port
: port of a proxied server.query_string
: same as$args
.remote_addr
: client address.remote_port
: client port.remote_user
: user name supplied with the Basic authentication.request
: full original request line.request_body
: request body.request_body_file
: name of a temporary file with the request body.request_completion
:OK
if a request has completed, or an empty string otherwise.request_id
: unique request identifier generated from 16 random bytes, in hexadecimal.request_length
: request length (including request line, header, and request body).request_method
: request method, usuallyGET
orPOST
.request_time
: request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client.request_uri
: full original request URI (with arguments).req_id
: unique request identifier.scheme
: request scheme,http
orhttps
.server_addr
: an address of the server which accepted a request.server_name
: name of the server which accepted a request.server_port
: port of the server which accepted a request.server_protocol
: request protocol, usuallyHTTP/1.0
,HTTP/1.1
,HTTP/2.0
, orHTTP/3.0
.spdy
: SPDY protocol version for SPDY connections, or an empty string otherwise.spdy_request_priority
: request priority for SPDY connections, or an empty string otherwise.ssl_cipher
: returns the name of the cipher used for an established SSL connection.ssl_ciphers
: returns the list of ciphers supported by the client. Known ciphers are listed by names, unknown are shown in hexadecimal, for example:.AES128-SHA:AES256-SHA:0x00ff
ssl_client_cert
: returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character.ssl_client_fingerprint
: returns the SHA1 fingerprint of the client certificate for an established SSL connection.ssl_client_escaped_cert
: returns the client certificate in the PEM format (urlencoded) for an established SSL connection.ssl_client_i_dn
: returns theissuer DN
string of the client certificate for an established SSL connection according to RFC 2253.ssl_client_i_dn_legacy
: returns theissuer DN
string of the client certificate for an established SSL connection.ssl_client_raw_cert
: returns the client certificate in the PEM format for an established SSL connection.ssl_client_s_dn
: returns thesubject DN
string of the client certificate for an established SSL connection according to RFC 2253.ssl_client_s_dn_legacy
: returns thesubject DN
string of the client certificate for an established SSL connection;.ssl_client_serial
: returns the serial number of the client certificate for an established SSL connection;.ssl_client_v_end
: returns the end date of the client certificate.ssl_client_v_remain
: returns the number of days until the client certificate expires.ssl_client_v_start
: returns the start date of the client certificate.ssl_client_verify
: returns the result of client certificate verification:SUCCESS
,FAILED:reason
, andNONE
if a certificate was not present.ssl_curves
: returns the list of curves supported by the client. Known curves are listed by names, unknown are shown in hexadecimal, for example0x001d:prime256v1:secp521r1:secp384r1
.ssl_early_data
: returns1
if TLS 1.3 early data is used and the handshake is not complete, otherwise empty string.ssl_preread_alpn_protocols
: list of protocols advertised by the client through ALPN. The values are separated by commas.ssl_preread_protocol
: the highest SSL protocol version supported by the client.ssl_preread_server_name
: server name requested through SNI.ssl_protocol
: returns the protocol of an established SSL connection.ssl_server_name
: returns the server name requested through SNI.ssl_session_id
: returns the session identifier of an established SSL connection.ssl_session_reused
: returnsr
if an SSL session was reused, or.
otherwise.status
: response status.tcpinfo_rcv_space/tcpinfo_rtt/tcpinfo_rttvar/tcpinfo_snd_cwnd
: information about the client TCP connection; available on systems that support the TCP_INFO socket option.time_iso8601
: local time in the ISO 8601 standard format.time_local
: local time in the Common Log Format.time_local_msec
: local time with millisecond precision in common log format.upstream_addr
: keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g.192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock
.upstream_bytes_received
: number of bytes received from an upstream server. Values from several connections are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_bytes_sent
: number of bytes sent to an upstream server. Values from several connections are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_cache_status
: keeps the status of accessing a response cache. The status can be eitherMISS
,BYPASS
,EXPIRED
,STALE
,UPDATING
,REVALIDATED
, orHIT
.upstream_connect_time
: keeps time spent on establishing a connection with the upstream server; the time is kept in seconds with millisecond resolution. In case of SSL, includes time spent on handshake. Times of several connections are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_first_byte_time
: time to receive the first byte of data; the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the$upstream_addr
variable.upstream_header_time
: keeps time spent on receiving the response header from the upstream server; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_queue_time
: keeps time the request spent in the upstream queue; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_response_length
: keeps the length of the response obtained from the upstream server; the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_response_time
: keeps time spent on receiving the response from the upstream server; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_session_time
: session duration in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the$upstream_addr
variable.upstream_status
: keeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the$upstream_addr
variable. If a server cannot be selected, the variable keeps the 502 (Bad Gateway) status code.uri
: current URI in request, normalized. The value of$uri
may change during request processing, e.g. when doing internal redirects, or when using index files.app_id
: The HTTP application ID of OpenResty Edge.internal_request
: Whether it is an internal request.limit_action
: The action taken to limit, such as ‘block’.response_body
: The response body.proxy_protocol_addr
: client address from the PROXY protocol header.proxy_protocol_port
: client port from the PROXY protocol header.client_isp
: Client’s Internet Service Provider. This indicates the network service provider used by the visitor, such as Comcast, Verizon, China Telecom, etc. This variable was first introduced in v24.9.1.client_asn
: Client’s Autonomous System Number. This is a unique identifier used to identify routing domains on the internet. Each ISP or large network typically has its own ASN. This variable was first introduced in v24.9.1.client_country
: Client’s country. This indicates the country corresponding to the visitor’s IP address, such as China, United States, Japan, etc. This variable was first introduced in v24.9.1.client_continent
: Client’s continent. This indicates the continent corresponding to the visitor’s IP address, such as Asia, North America, Europe, etc. This variable was first introduced in v24.9.1.client_province
: Client’s province or state. This indicates the province (in China) or state (in countries like the United States) corresponding to the visitor’s IP address, such as Guangdong Province, California, etc. This variable was first introduced in v24.9.1.client_city
: Client’s city. This indicates the city corresponding to the visitor’s IP address, such as Beijing, New York, Tokyo, etc. This variable was first introduced in v24.9.1.
HTTP fixed prefix variables
arg_
: argument name in the request line.upstream_trailer_
: keeps fields from the end of the response obtained from the upstream server.upstream_http_
: keep server response header fields. For example, theServer
response header field is available through the$upstream_http_server
variable. The rules of converting header field names to variable names are the same as for the variables that start with the$http_
prefix. Only the header fields from the response of the last server are saved.sent_http_
: arbitrary response header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores.sent_trailer_
: arbitrary field sent at the end of the response; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores.cookie_
: the name cookie.http_
: arbitrary request header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores.upstream_cookie_
: cookie with the specified name sent by the upstream server in theSet-Cookie
response header field. Only the cookies from the response of the last server are saved.or-global-
: global variable of OpenResty Edge. .
Stream Variables
binary_remote_addr
: client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses.bytes_sent
: number of bytes sent to a client.connection
: connection serial number.hostname
: host name.msec
: current time in seconds with the milliseconds resolution.pid
: PID of the worker process.proxy_protocol_addr
: client address from the PROXY protocol header.proxy_protocol_port
: client port from the PROXY protocol header.proxy_protocol_server_addr
: server address from the PROXY protocol header.proxy_protocol_server_port
: server port from the PROXY protocol header.remote_addr
: client address.remote_port
: client port.server_addr
: an address of the server which accepted a connection.server_port
: port of the server which accepted a connection.ssl_cipher
: returns the name of the cipher used for an established SSL connection.ssl_ciphers
: returns the list of ciphers supported by the client. Known ciphers are listed by names, unknown are shown in hexadecimal, for example:.AES128-SHA:AES256-SHA:0x00ff
ssl_client_cert
: returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character.ssl_client_fingerprint
: returns the SHA1 fingerprint of the client certificate for an established SSL connection.ssl_client_i_dn
: returns theissuer DN
string of the client certificate for an established SSL connection according to RFC 2253.ssl_client_raw_cert
: returns the client certificate in the PEM format for an established SSL connection.ssl_client_s_dn
: returns thesubject DN
string of the client certificate for an established SSL connection according to RFC 2253.ssl_client_serial
: returns the serial number of the client certificate for an established SSL connection.ssl_client_v_end
: returns the end date of the client certificate.ssl_client_v_remain
: returns the number of days until the client certificate expires.ssl_client_v_start
: returns the start date of the client certificate.ssl_client_verify
: returns the result of client certificate verification:SUCCESS
,FAILED:reason
, andNONE
if a certificate was not present.ssl_curves
: returns the list of curves supported by the client. Known curves are listed by names, unknown are shown in hexadecimal, for example:0x001d:prime256v1:secp521r1:secp384r1
.0x001d:prime256v1:secp521r1:secp384r1
ssl_protocol
: returns the protocol of an established SSL connection.ssl_server_name
: returns the server name requested through SNI;.ssl_session_id
: returns the session identifier of an established SSL connection.ssl_session_reused
: returnsr
if an SSL session was reused, or.
otherwise.time_iso8601
: local time in the ISO 8601 standard format.time_local
: local time in the Common Log Format.time_local_msec
: local time with millisecond precision in common log format.upstream_addr
: keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g.192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock
.upstream_bytes_received
: number of bytes received from an upstream server. Values from several connections are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_bytes_sent
: number of bytes sent to an upstream server. Values from several connections are separated by commas and colons like addresses in the$upstream_addr
variable.upstream_connect_time
: keeps time spent on establishing a connection with the upstream server; the time is kept in seconds with millisecond resolution. In case of SSL, includes time spent on handshake. Times of several connections are separated by commas and colons like addresses in the$upstream_addr
variable.
Socks5 Variables
time
: The local time when the request started.request_time
: The time when the request started.up_bytes
: The number of bytes of the request.down_bytes
: The number of bytes of the response.proxy_port
: The port of the proxy server.client_addr
: The address of the client.username
: The username.upstream_host
: The upstream hostname.upstream_port
: The upstream port.status
: The status code.bandwidth
: The name of the bandwidth rule.failure
: The reason for failure.
HTTP Forward Proxy Variables
time
: The local time when the request started.up_bytes
: The number of bytes of the request.down_bytes
: The number of bytes of the response.proxy_port
: The port of the proxy server.client_addr
: The address of the client.upstream_host
: The upstream address.upstream_port
: The upstream port.method
: The request method.status
: The status code of the request.failure
: The reason for failure.account_key
: The account keyword.account
: The account.pa_
: The information for proxy authentication.header_
: The information for the request headers, such as ‘header_host’.arg_
: The information for the URI parameters, such as ‘arg_name’.decoded_proxy_authorization
: The decoded proxy authorization information.