Estimated Reading time: 11 minutes | Last modified: 2023-05-09, 6:19:00 pm

Access log variables for OpenResty Edge

HTTP Variables

  • args: arguments in the request line.
  • realip_remote_addr: keeps the original client address.
  • realip_remote_port: keeps the original client port.
  • binary_remote_addr: client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses.
  • body_bytes_sent: number of bytes sent to a client, not counting the response header.
  • bytes_sent: number of bytes sent to a client.
  • total_bytes: The sum of the bytes of the request body and the response body.
  • connection: connection serial number.
  • connection_requests: current number of requests made through a connection.
  • connections_active: The current number of active client connections including Waiting connections.
  • connections_reading: The current number of connections where OpenResty Edge is reading the request header.
  • connections_waiting: The current number of idle client connections waiting for a request.
  • connections_writing: The current number of connections where OpenResty Edge is writing the response back to the client.
  • content_length: Content-Length request header field.
  • content_type: Content-Type request header field.
  • date_gmt: current time in GMT.
  • date_local: current time in the local time zone.
  • document_uri: same as $uri.
  • gzip_ratio: achieved compression ratio, computed as the ratio between the original and compressed response sizes.
  • host: in this order of precedence: host name from the request line, or host name from the Host request header field.
  • hostname: host name.
  • http2: negotiated protocol identifier: h2 for HTTP/2 over TLS, h2c for HTTP/2 over cleartext TCP, or an empty string otherwise.
  • https: on if connection operates in SSL mode, or an empty string otherwise.
  • invalid_referer: Empty string, if the Referer request header field value is considered valid, otherwise 1.
  • is_args: ? if a request line has arguments, or an empty string otherwise.
  • msec: current time in seconds with the milliseconds resolution.
  • pid: PID of the worker process.
  • pipe: p if request was pipelined, . otherwise.
  • proxy_add_x_forwarded_for: the X-Forwarded-For client request header field with the $remote_addr variable appended to it, separated by a comma. If the X-Forwarded-For field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable.
  • proxy_host: name and port of a proxied server.
  • proxy_port: port of a proxied server.
  • query_string: same as $args.
  • remote_addr: client address.
  • remote_port: client port.
  • remote_user: user name supplied with the Basic authentication.
  • request: full original request line.
  • request_body: request body.
  • request_body_file: name of a temporary file with the request body.
  • request_completion: OK if a request has completed, or an empty string otherwise.
  • request_id: unique request identifier generated from 16 random bytes, in hexadecimal.
  • request_length: request length (including request line, header, and request body).
  • request_method: request method, usually GET or POST.
  • request_time: request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client.
  • request_uri: full original request URI (with arguments).
  • req_id: unique request identifier.
  • scheme: request scheme, http or https.
  • server_addr: an address of the server which accepted a request.
  • server_name: name of the server which accepted a request.
  • server_port: port of the server which accepted a request.
  • server_protocol: request protocol, usually HTTP/1.0, HTTP/1.1, HTTP/2.0, or HTTP/3.0.
  • spdy: SPDY protocol version for SPDY connections, or an empty string otherwise.
  • spdy_request_priority: request priority for SPDY connections, or an empty string otherwise.
  • ssl_cipher: returns the name of the cipher used for an established SSL connection.
  • ssl_ciphers: returns the list of ciphers supported by the client. Known ciphers are listed by names, unknown are shown in hexadecimal, for example:. AES128-SHA:AES256-SHA:0x00ff
  • ssl_client_cert: returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character.
  • ssl_client_fingerprint: returns the SHA1 fingerprint of the client certificate for an established SSL connection.
  • ssl_client_escaped_cert: returns the client certificate in the PEM format (urlencoded) for an established SSL connection.
  • ssl_client_i_dn: returns the issuer DN string of the client certificate for an established SSL connection according to RFC 2253.
  • ssl_client_i_dn_legacy: returns the issuer DN string of the client certificate for an established SSL connection.
  • ssl_client_raw_cert: returns the client certificate in the PEM format for an established SSL connection.
  • ssl_client_s_dn: returns the subject DN string of the client certificate for an established SSL connection according to RFC 2253.
  • ssl_client_s_dn_legacy: returns the subject DN string of the client certificate for an established SSL connection;.
  • ssl_client_serial: returns the serial number of the client certificate for an established SSL connection;.
  • ssl_client_v_end: returns the end date of the client certificate.
  • ssl_client_v_remain: returns the number of days until the client certificate expires.
  • ssl_client_v_start: returns the start date of the client certificate.
  • ssl_client_verify: returns the result of client certificate verification: SUCCESS, FAILED:reason, and NONE if a certificate was not present.
  • ssl_curves: returns the list of curves supported by the client. Known curves are listed by names, unknown are shown in hexadecimal, for example 0x001d:prime256v1:secp521r1:secp384r1.
  • ssl_early_data: returns 1 if TLS 1.3 early data is used and the handshake is not complete, otherwise empty string.
  • ssl_preread_alpn_protocols: list of protocols advertised by the client through ALPN. The values are separated by commas.
  • ssl_preread_protocol: the highest SSL protocol version supported by the client.
  • ssl_preread_server_name: server name requested through SNI.
  • ssl_protocol: returns the protocol of an established SSL connection.
  • ssl_server_name: returns the server name requested through SNI.
  • ssl_session_id: returns the session identifier of an established SSL connection.
  • ssl_session_reused: returns r if an SSL session was reused, or . otherwise.
  • status: response status.
  • tcpinfo_rcv_space/tcpinfo_rtt/tcpinfo_rttvar/tcpinfo_snd_cwnd: information about the client TCP connection; available on systems that support the TCP_INFO socket option.
  • time_iso8601: local time in the ISO 8601 standard format.
  • time_local: local time in the Common Log Format.
  • time_local_msec: local time with millisecond precision in common log format.
  • upstream_addr: keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. 192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock.
  • upstream_bytes_received: number of bytes received from an upstream server. Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_bytes_sent: number of bytes sent to an upstream server. Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_cache_status: keeps the status of accessing a response cache. The status can be either MISS, BYPASS, EXPIRED, STALE, UPDATING, REVALIDATED, or HIT.
  • upstream_connect_time: keeps time spent on establishing a connection with the upstream server; the time is kept in seconds with millisecond resolution. In case of SSL, includes time spent on handshake. Times of several connections are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_first_byte_time: time to receive the first byte of data; the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the $upstream_addr variable.
  • upstream_header_time: keeps time spent on receiving the response header from the upstream server; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_queue_time: keeps time the request spent in the upstream queue; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_response_length: keeps the length of the response obtained from the upstream server; the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_response_time: keeps time spent on receiving the response from the upstream server; the time is kept in seconds with millisecond resolution. Times of several responses are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_session_time: session duration in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the $upstream_addr variable.
  • upstream_status: keeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the $upstream_addr variable. If a server cannot be selected, the variable keeps the 502 (Bad Gateway) status code.
  • uri: current URI in request, normalized. The value of $uri may change during request processing, e.g. when doing internal redirects, or when using index files.
  • app_id: The HTTP application ID of OpenResty Edge.
  • internal_request: Whether it is an internal request.
  • limit_action: The action taken to limit, such as ‘block’.
  • response_body: The response body.
  • proxy_protocol_addr: client address from the PROXY protocol header.
  • proxy_protocol_port: client port from the PROXY protocol header .

HTTP fixed prefix variables

  • arg_: argument name in the request line.
  • upstream_trailer_: keeps fields from the end of the response obtained from the upstream server.
  • upstream_http_: keep server response header fields. For example, the Server response header field is available through the $upstream_http_server variable. The rules of converting header field names to variable names are the same as for the variables that start with the $http_ prefix. Only the header fields from the response of the last server are saved.
  • sent_http_: arbitrary response header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores.
  • sent_trailer_: arbitrary field sent at the end of the response; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores.
  • cookie_: the name cookie.
  • http_: arbitrary request header field; the last part of a variable name is the field name converted to lower case with dashes replaced by underscores.
  • upstream_cookie_: cookie with the specified name sent by the upstream server in the Set-Cookie response header field. Only the cookies from the response of the last server are saved.
  • or-global-: global variable of OpenResty Edge. .

Stream Variables

  • binary_remote_addr: client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses.
  • bytes_sent: number of bytes sent to a client.
  • connection: connection serial number.
  • hostname: host name.
  • msec: current time in seconds with the milliseconds resolution.
  • pid: PID of the worker process.
  • proxy_protocol_addr: client address from the PROXY protocol header.
  • proxy_protocol_port: client port from the PROXY protocol header.
  • proxy_protocol_server_addr: server address from the PROXY protocol header.
  • proxy_protocol_server_port: server port from the PROXY protocol header.
  • remote_addr: client address.
  • remote_port: client port.
  • server_addr: an address of the server which accepted a connection.
  • server_port: port of the server which accepted a connection.
  • ssl_cipher: returns the name of the cipher used for an established SSL connection.
  • ssl_ciphers: returns the list of ciphers supported by the client. Known ciphers are listed by names, unknown are shown in hexadecimal, for example:. AES128-SHA:AES256-SHA:0x00ff
  • ssl_client_cert: returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character.
  • ssl_client_fingerprint: returns the SHA1 fingerprint of the client certificate for an established SSL connection.
  • ssl_client_i_dn: returns the issuer DN string of the client certificate for an established SSL connection according to RFC 2253.
  • ssl_client_raw_cert: returns the client certificate in the PEM format for an established SSL connection.
  • ssl_client_s_dn: returns the subject DN string of the client certificate for an established SSL connection according to RFC 2253.
  • ssl_client_serial: returns the serial number of the client certificate for an established SSL connection.
  • ssl_client_v_end: returns the end date of the client certificate.
  • ssl_client_v_remain: returns the number of days until the client certificate expires.
  • ssl_client_v_start: returns the start date of the client certificate.
  • ssl_client_verify: returns the result of client certificate verification: SUCCESS, FAILED:reason, and NONE if a certificate was not present.
  • ssl_curves: returns the list of curves supported by the client. Known curves are listed by names, unknown are shown in hexadecimal, for example: 0x001d:prime256v1:secp521r1:secp384r1. 0x001d:prime256v1:secp521r1:secp384r1
  • ssl_protocol: returns the protocol of an established SSL connection.
  • ssl_server_name: returns the server name requested through SNI;.
  • ssl_session_id: returns the session identifier of an established SSL connection.
  • ssl_session_reused: returns r if an SSL session was reused, or . otherwise.
  • time_iso8601: local time in the ISO 8601 standard format.
  • time_local: local time in the Common Log Format.
  • time_local_msec: local time with millisecond precision in common log format.
  • upstream_addr: keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. 192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock.
  • upstream_bytes_received: number of bytes received from an upstream server. Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_bytes_sent: number of bytes sent to an upstream server. Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable.
  • upstream_connect_time: keeps time spent on establishing a connection with the upstream server; the time is kept in seconds with millisecond resolution. In case of SSL, includes time spent on handshake. Times of several connections are separated by commas and colons like addresses in the $upstream_addr variable.

Socks5 Variables

  • time: The local time when the request started.
  • request_time: The time when the request started.
  • up_bytes: The number of bytes of the request.
  • down_bytes: The number of bytes of the response.
  • proxy_port: The port of the proxy server.
  • client_addr: The address of the client.
  • username: The username.
  • upstream_host: The upstream hostname.
  • upstream_port: The upstream port.
  • status: The status code.
  • bandwidth: The name of the bandwidth rule.
  • failure: The reason for failure.

HTTP Forward Proxy Variables

  • time: The local time when the request started.
  • up_bytes: The number of bytes of the request.
  • down_bytes: The number of bytes of the response.
  • proxy_port: The port of the proxy server.
  • client_addr: The address of the client.
  • upstream_host: The upstream address.
  • upstream_port: The upstream port.
  • method: The request method.
  • status: The status code of the request.
  • failure: The reason for failure.
  • account_key: The account keyword.
  • account: The account.
  • pa_: The information for proxy authentication.
  • header_: The information for the request headers, such as ‘header_host’.
  • arg_: The information for the URI parameters, such as ‘arg_name’.
  • decoded_proxy_authorization: The decoded proxy authorization information.