Apache : log real IP addresses behind a reverse proxy

Jan 10, 2022 by Thibault Debatty | 9830 views

Kubernetes

https://cylab.be/blog/194/apache-log-real-ip-addresses-behind-a-reverse-proxy

It’s quite common now to run your web application behind a reverse proxy or a loadbalancer. This is typically the case if you are running your application in a Kubernetes cluster. In this case, the IP address that is logged by Apache is the IP of the proxy server, which is quite misleading and useless. To get Apache to log the real IP address of the clients, you will have to enable and configure the module remoteip.

christopher-gower-m_HRfLhgABo-unsplash.jpg

Enable the remoteip module:

sudo a2enmod remoteip

Add the following configuration to /etc/apache2/conf-available/remoteip.conf:

#
# /etc/apache2/conf-available/remoteip.conf
# https://cylab.be/blog/194/fix-apache-logs-behind-a-reverse-proxy
#

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy <ip.of.proxy>

Obviously, you must replace <ip.of.proxy> by the actual IP of the proxy server, or by a subnet (like 192.168.0.0/24). If you have multiple IP addresses, you can list them…

And enable the configuration with:

sudo a2enconf remoteip

Finally, restart the Apache server:

sudo service apache2 restart

Done!

This blog post is licensed under CC BY-SA 4.0