Apache : log real IP addresses behind a reverse proxy

Jan 10, 2022 by Thibault Debatty | 7490 views



It's quite common now to run your web application behind a reverse proxy or a loadbalancer. This is typically the case if you are running your application in a Kubernetes cluster. In this case, the IP address that is logged by Apache is the IP of the proxy server, which is quite misleading and useless. To get Apache to log the real IP address of the clients, you will have to enable and configure the module remoteip.


Enable the remoteip module:

sudo a2enmod remoteip

Add the following configuration to /etc/apache2/conf-available/remoteip.conf:

# /etc/apache2/conf-available/remoteip.conf
# https://cylab.be/blog/194/fix-apache-logs-behind-a-reverse-proxy

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy <ip.of.proxy>

Obviously, you must replace <ip.of.proxy> by the actual IP of the proxy server, or by a subnet (like If you have multiple IP addresses, you can list them...

And enable the configuration with:

sudo a2enconf remoteip

Finally, restart the Apache server:

sudo service apache2 restart


This blog post is licensed under CC BY-SA 4.0

This website uses cookies. More information about the use of cookies is available in the cookies policy.