I've set this up before and it works on other servers but I can't for the life of me figure out why it's not working in this instance, though I have a possible theory. All of this is in Amazon Web Services.

So in this case we are hosting the main site on a Windows server using IIS 8. The blog is on another server running Ubuntu/Apache 2.4.6 to host WordPress. The main site is in a VPC for the support of multiple IP addresses. The blog is outside of the VPC.

The other setups (which work) both use nginx as the reverse proxy server instead of IIS and have the proxy and server in the same VPC. Does that really matter?

From a working configuration:

LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 172.31.x.x/32

The non-working configuration:

LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 54.2x.x.x

I've also tried variations of that, such as:

RemoteIPTrustedProxy 54.2x.x.x # tried /32 and /24
RemoteIPInternalProxy 54.x.x.x/32 # also tried /24
RemoteIPTrustedProxy www...

Using a test PHP page to see if it's working, I see this from print_r($_SERVER);:

[HTTP_X_FORWARDED_BY] => www.....
[HTTP_X_FORWARDED_FOR] => x.x.x.x:x
[SERVER_ADDR] => 10.230.x.x
[SERVER_PORT] => 80
[REMOTE_ADDR] => 54.2x.x.x

And the output from PHP's getheaders function:

[X-Forwarded-By] => www....
[X-Forwarded-For] => x.x.x.x:x

The documentation for mod_remoteip lists 172.16/12 as an intranet IP address. Is the module really refusing to work correctly because it's not detecting an intranet block? I couldn't find anything in the error log about it, either.

It seems silly that it would work that way, but that's the only theory left that makes sense.

Also of note, because I know someone is going to ask: we set up the VPC after we set up the blog server and we just haven't gone through the work of relaunching it inside the VPC. I was trying to get this to work without it, but if that's the problem then we'll look at doing that.

Thanks.

ahwm
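
A simplified model of the right-to-left header walk that mod_remoteip's documentation describes, added here as an example; it is not part of the original post and is not Apache's code. The addresses are constructed documentation-range values, and treating a header entry with a port suffix (the `x.x.x.x:x` form in the output above) as unparseable is an assumption of this model.

```python
import ipaddress

# Blocks mod_remoteip's documentation describes as intranet addresses.
INTRANET = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "169.254.0.0/16", "127.0.0.0/8")]

def _nets(items):
    # Accept bare addresses ("198.51.100.10") as well as CIDR blocks.
    return [ipaddress.ip_network(i, strict=False) for i in items]

def effective_client_ip(peer, xff, internal=(), trusted=()):
    """Return the address the application would see as REMOTE_ADDR.

    peer     -- address of the TCP connection (the reverse proxy)
    xff      -- raw X-Forwarded-For header value
    internal -- RemoteIPInternalProxy entries (hypothetical parameter name)
    trusted  -- RemoteIPTrustedProxy entries (hypothetical parameter name)
    """
    internal_nets, trusted_nets = _nets(internal), _nets(trusted)
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    while hops:
        is_internal = any(current in n for n in internal_nets)
        is_trusted = any(current in n for n in trusted_nets)
        if not (is_internal or is_trusted):
            break  # current hop is not a listed proxy: stop believing the header
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # not a bare IP (e.g. "203.0.113.7:51544"): header left unused
        if not is_internal and any(candidate in n for n in INTRANET):
            break  # a TrustedProxy may not vouch for intranet addresses
        hops.pop()
        current = candidate
    return str(current)

if __name__ == "__main__":
    proxy = "198.51.100.10"  # constructed public address standing in for the proxy
    for header in ("203.0.113.7", "203.0.113.7:51544"):  # constructed samples
        print(header, "->", effective_client_ip(proxy, header, internal=[proxy]))
```

In this model a proxy with a public address is accepted once it is listed, and the two directives differ only in whether an intranet address taken from the header is believed.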