Apache 2.4 – Fix RemoteIP Logging Issue with X-Forwarded-For

apache-2.4httpd.confvirtualhost

I'm using Apache/2.4.27

Within the VirtualHost I'm forwarding the remote client IP header from the Loadbalancer with:

RemoteIPHeader X-Forwarded-For

Which is needed by the application served by that Virtualhost.

This is the log format within the main httpd.conf context.

LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

When I have the RemoteIPHeader X-Forwarded-For listed within the virtualhost, Apache stops writting the remote-client IP into logs.

When I remove it from the VirtualHost, the remote-client IP starts appearing again within the logs.

Any ideas why the RemoteIPHeader X-Forwarded-For doesn't play with (%{X-Forwarded-For}i) from the LogFormat ?

Thanks !

Best Answer

Proxy Layer (Nginx)

proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-Real-IP       $remote_addr;

Backend Layer (Apache)

# Log format config
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" common env=forwarded

# Header config
RemoteIPHeader X-Real-IP
RemoteIPHeader X-Client-IP
RemoteIPInternalProxy 192.168.10.10 192.168.10.11

Description:

proxy_set_header - directive sets headers that nginx sends to backend; so in this example We sends two variables (to headers): X-Forwarded-For and X-Real-IP

X-Forwarded-For - on the proxy side it must be set that this header should be passed to backends and accessible from their layer

X-Real-IP - it does not affect the required variables on the web page but we leave it enabled so that the Apache server places the client's address in the logs (you also need to set the log format itself):

### X-Real-IP enabled
172.217.20.206 - - [03/Jun/2017:11:12:11 +0200] "GET /tls-check.php?9832 HTTP/1.0" 200 1409
### X-Real-IP disabled
172.16.21.11 - - [03/Jun/2017:15:12:49 +0200] "GET /tls-check.php?13266 HTTP/1.0" 200 1448

Curl

:~$ curl -H Cache-Control: no-cache -ks https://example.com/tls-check.php?${RANDOM} | grep "HTTP_X_FORWARDED_FOR\|HTTP_X_REAL_IP\|SERVER_ADDR\|REMOTE_ADDR"
[HTTP_X_FORWARDED_FOR] => 172.217.20.206
[HTTP_X_REAL_IP] => 172.217.20.206
[SERVER_ADDR] => 192.168.10.100
[REMOTE_ADDR] => 192.168.10.10

tls_check.php

<?php

echo '<pre>';
print_r($_SERVER);
echo '</pre>';
exit;

?>

Related Solutions

Apache: Is it possible to set a default custom log format to be used by all vhosts

Are you asking just for the log format definition in one place?

In your main server config, use the LogFormat directive:

LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

Note the end vhost_common is the nickname.

Then, you can specify in each vhost block to use that format for the log:

CustomLog logs/myvhost.access.log vhost_common

Apache 2.4 Virtualhost Blank Screen

if you get blank pages on loading php pages, set display_errors = On in /path-to-your/php.ini and start apache again (e.g.: sudo service apache24 onerestart). This way instead of a blank page, the missing extension(s) will be shown on the page. Chances are that it is commented out or missing in /path-to-your/php/extensions.ini (read on a FreeBSD forum, tip from soulreaver1)

Best Answer

Related Solutions

Apache: Is it possible to set a default custom log format to be used by all vhosts

Apache 2.4 Virtualhost Blank Screen

Related Topic