10

Since Apache 2.4 I've started using mod_remoteip instead of mod_extract_forwarded for rewriting client address from x-forwarded-for provided by frontend servers (varnish, squid, apache etc).

So far everything works fine with the modules, i.e. php, cgi, wsgi etc... - client addresses are shown as they should be, but I couldn't write client address in access logs (%a, %h, %{c}a). No luck - I'm always getting 127.0.0.1 (localhost forward ex.).

How to log client's ip address when using mod_remoteip?

Update: IT WORKS O_O - see answer below

GioMac
  • You might want to add the specific config you use/tested. Additionally, while not in detail, this might help: http://knowledgevoid.com/blog/2012/01/13/logging-the-correct-ip-address-using-apache-2-2-x-and-amazons-elastic-load-balancer/ I assume you did read https://httpd.apache.org/docs/trunk/mod/mod_remoteip.html#page-header as well? Stack Exchange has a few questions you might want to read: http://stackoverflow.com/questions/25455731/getting-apache-2-4-access-logs-to-show-client-ip-instead-of-127-0-0-1-with-varni – Dennis Nolte Aug 25 '14 at 10:34
  • re-built configuration, now it works O_O – GioMac Aug 25 '14 at 22:15

2 Answers

21

varnish configuration:

if (req.restarts == 0) {
    if (req.http.X-Forwarded-For) {
        set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
    } else {
        set req.http.X-Forwarded-For = client.ip;
    }
}

apache 2.4 configuration sections:

mod_remoteip:

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1/8

logging (%a does the job):

LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

+

if there is a nginx in front (ex. SSL termination):

server {
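    # "ssl" on the listen line replaces the deprecated "ssl on;" directive
    listen       123.123.123.123:443 ssl;
    server_name  server.com;
    root         html;

    ssl_certificate      /etc/pki/httpd/site/chain.crt;
    ssl_certificate_key  /etc/pki/httpd/site/private.key;

    ssl_session_timeout  5m;

    # SSLv2, SSLv3 and TLSv1 are obsolete; offer only current TLS versions
    ssl_protocols  TLSv1.2 TLSv1.3;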
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    location / {
        proxy_pass   http://127.0.0.1:6081;
        proxy_set_header Host $http_host;
        proxy_pass_header Server;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
GioMac
  • 1
    If you accept this answer, you should award the bounty, even if it's your own answer. – mc0e Aug 31 '14 at 06:36
  • Would you please update this, or give us the variation for http.cf-connecting-ip from CloudFlare? Have not had any luck making it to work, sorry. – Ruslan Abuzant Mar 09 '16 at 17:14
  • You should actually use $proxy_add_x_forwarded_for instead of $remote_addr for Nginx X-Forwarded-For. That does the same functionality as the Varnish example, whereas $remote_addr doesn't include previous X-Forwarded-For values – Andy Aug 10 '17 at 18:11
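How the address that %a logs is chosen with the configuration in the answer above, as an added example that is not part of the original answers and is not Apache's code: a simplified Python model of the right-to-left X-Forwarded-For processing that the mod_remoteip documentation describes. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Assumption: mirrors the answer's "RemoteIPInternalProxy 127.0.0.1/8".
TRUSTED = [ipaddress.ip_network("127.0.0.0/8")]


def is_trusted(addr, trusted=TRUSTED):
    """True if addr belongs to one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted)


def resolve_client(peer, xff, trusted=TRUSTED):
    """Return (address_to_log, unprocessed_header_entries).

    Entries are consumed from the right, and only while the address
    that presented them (the TCP peer first, then each accepted
    entry) is a trusted proxy.
    """
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    client = peer
    while entries and is_trusted(client, trusted):
        try:
            ipaddress.ip_address(entries[-1])
        except ValueError:
            break  # not an IP address: stop and keep what we have
        client = entries.pop()
    return client, entries


def varnish_append(xff, client_ip):
    """The answer's VCL: append client.ip to any existing header."""
    return f"{xff}, {client_ip}" if xff else client_ip


def scenarios():
    """Constructed requests, all reaching Apache from 127.0.0.1 except the last."""
    return {
        "varnish only": resolve_client(
            "127.0.0.1", varnish_append("", "203.0.113.7")),
        "client sent its own XFF": resolve_client(
            "127.0.0.1", varnish_append("10.0.0.1", "198.51.100.23")),
        "nginx ($remote_addr) + varnish": resolve_client(
            "127.0.0.1", varnish_append("198.51.100.23", "127.0.0.1")),
        "direct hit, untrusted peer": resolve_client(
            "198.51.100.23", "192.0.2.1"),
    }
```

In the second scenario the client-supplied entry is left unprocessed because the address Varnish appended is not a trusted proxy, so the logged address stays the one Varnish saw. The last scenario shows that a header sent by a peer outside the RemoteIPInternalProxy range is ignored.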
5

According to mod_remoteip's documentation, the module should simply replace the client IP address, but only when RemoteIPHeader x-forwarded-for is set (doc). Also make sure your vhost's logging makes use of the CustomLog you have defined.

Sgaduuw