1

I am trying to configure .htaccess on Apache 2.4 using Require ip X.X.X.X

The problem I am experiencing is that all requests appear to be coming from 127.0.0.1 and not the public IP of the request. I found through searching online that this is likely because of Caching or Proxying on the server.

The server is OS X Server. When I get forbidden on the server, the log shows my request came from 127.0.0.1 - but I am definitely not on the local host. Does Apache do any proxying of that sort that could cause that?

The answer I found was:

  1. Turn off the performance cache in Server Admin -> Web -> Settings -> Sites -> Options. This acts as a proxy server in front of Apache to improve performance of certain files. However, one side effect is that Apache sees the IP address of the proxy server, not the IP address of the user. Performance cache or remote IP addresses. Pick one. You can't have both.

Unfortunately, this is an old answer and there is no Server Admin -> Web -> Settings -> Sites -> Options anymore. Any guesses what this might be changing?

broccolifarmer
  • 195
  • 1
  • 7

1 Answer

0

You may have solved this already. Not sure which version of OS X Server you are running, but you are correct in assuming that it's a proxy issue. What worked for me was to edit the httpd_server_app.conf file. Within the IfModule log_config_module section you'll find the logging formats.

This one is the one that needs to be edited:

LogFormat "%v %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost

If you change it to this:

LogFormat "%v %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost

it should fix it.

Edit:

I've since discovered perhaps a better solution. Rather than mucking with the log formats in the httpd_server_app.conf file, add/edit this in the httpd_server_app.conf file:

<IfModule remoteip_module>
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 127.0.0.1
</IfModule>

This will add the upstream internal proxy as a trusted source, which will then fill in the proper client address into remoteaddress. All of the default Apache log formats will then show the proper address. The added advantage of this method is that you can then run mod_status (server-status), and it will show the proper client address in its report.

wdkelper
  • 11
  • 3
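
The effect of the `RemoteIPInternalProxy 127.0.0.1` setting above on `Require ip`, as an added example that is not part of the original answer and is not Apache's code: a simplified Python model of resolving X-Forwarded-For from right to left, stopping at the first address that is not a trusted proxy. The function names are hypothetical, the addresses are constructed from documentation ranges, and the model assumes the local proxy appends the connecting client's address to the header.

```python
import ipaddress

def effective_client_ip(peer, xff_header, internal_proxies):
    """Simplified model: walk X-Forwarded-For right to left while the
    address currently believed to be the client is a trusted proxy."""
    trusted = [ipaddress.ip_network(p) for p in internal_proxies]
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    while hops and any(current in net for net in trusted):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # malformed entry: keep the last address that parsed
    return str(current)

def require_ip_allows(client, allowed):
    """Model of 'Require ip': is the client inside any allowed range?"""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(a) for a in allowed)

# Constructed sample data (documentation address ranges).
ALLOWED = ["198.51.100.10"]        # the X.X.X.X in 'Require ip X.X.X.X'
REAL_CLIENT = "203.0.113.7"        # a visitor who is NOT on the allow list
SPOOFED = "198.51.100.10"          # value that visitor puts in the header

def demo():
    header = f"{SPOOFED}, {REAL_CLIENT}"  # proxy appended the real peer
    return {
        # No trusted proxy: every request looks like 127.0.0.1.
        "no_remoteip": effective_client_ip("127.0.0.1", REAL_CLIENT, []),
        # Only the local proxy trusted: spoofed left-hand entry is ignored.
        "trust_localhost": effective_client_ip("127.0.0.1", header, ["127.0.0.1"]),
        # Header from a peer that is not a trusted proxy is not used.
        "direct_peer": effective_client_ip(REAL_CLIENT, SPOOFED, ["127.0.0.1"]),
        # Over-broad trust: the client-supplied entry wins.
        "trust_everything": effective_client_ip("127.0.0.1", header, ["0.0.0.0/0"]),
    }

if __name__ == "__main__":
    for name, ip in demo().items():
        print(f"{name:16} client={ip:15} allowed={require_ip_allows(ip, ALLOWED)}")
```

Only the `trust_everything` case lets the non-allowed visitor pass the `Require ip` check, which is why the trusted list should name only the proxy that actually sits in front of Apache.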