Allowing Apache to see client ip from Behind a trusted proxy.

With high speed caching based on nginx, varnish or CDNs in general the client ip gets lost. All
IPs get reported as 127.0.0.1 since the proxy is making the socket request. Solution is two phased:

1) enable reporting the client IP to the X-Forwarded-For header at the proxy or CDN.

This depends on the proxy will be covered in separate posts.

2) installing and configuring the mod_remoteip in Apache 2.

 

Project link L https://github.com/ttkzw/mod_remoteip-httpd22
mkdir /usr/local/src/mod_remoteip
cd /usr/local/src/mod_remoteip
wget https://raw.githubusercontent.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.c
wget https://raw.githubusercontent.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.conf
wget https://raw.githubusercontent.com/ttkzw/mod_remoteip-httpd22/master/Makefile

yum install httpd-devel
make
make install

Configuration in the Apache config file:

in /etc/httpd/conf/httpd.conf

# Load and configure mod_remoteip for Google PageSpeed Service
LoadModule remoteip_module /usr/lib64/httpd/modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For

service apache reload

voila 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *