Jan 10, 2022 by Thibault Debatty | 2377 views
It's quite common now to run your web application behind a reverse proxy or a loadbalancer. This is typically the case if you are running your application in a Kubernetes cluster. In this case, the IP address that is logged by Apache is the IP of the proxy server, which is quite misleading and useless. To get Apache to log the real IP address of the clients, you will have to enable and configure the module remoteip.
Enable the remoteip module:
sudo a2enmod remoteip
Add the following configuration to /etc/apache2/conf-available/remoteip.conf:
# # /etc/apache2/conf-available/remoteip.conf # https://cylab.be/blog/194/fix-apache-logs-behind-a-reverse-proxy # RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy <ip.of.proxy>
Obviously, you must replace
<ip.of.proxy> by the actual IP of the proxy server, or by a subnet (like
192.168.0.0/24). If you have multiple IP addresses, you can list them...
And enable the configuration with:
sudo a2enconf remoteip
Finally, restart the Apache server:
sudo service apache2 restart