
For a RewriteCond inside the httpd conf I need the real IP instead of the proxy / load balancer IP. My use case is a maintenance page that should be displayed to all users except some users from my exception list, defined by IP addresses listed in a separate file.

I already looked at "Set REMOTE_ADDR to X-Forwarded-For in apache", but I did not get the point I need.

I have configured the LogFormat as:

    LogFormat "%{X-Forwarded-For}i \"test\" %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

My output is

    www.xxx.yyy.zzz "test" 10.0.0.215 - - [22/May/2019:11:09:20 +0200]

but it could also be

    www.xxx.yyy.zzz, 10.0.0.12 "test" 10.0.0.215 - - [22/May/2019:11:09:19 +0200]

So I need the first IP extracted in my use case. What I have in my httpd.conf:

    RewriteMap exceptions /appli/tecracer/apps/helios-fas/maintenance/exceptions.map

    # Allow Individual IP addresses past maintenance page
    RewriteCond ${exceptions:%{REMOTE_ADDR}} =OK
    RewriteRule ^ - [L]

Instead of REMOTE_ADDR I need the real IP here, the first entry of the X-Forwarded-For header. How can I get this extracted, and can I trust that the first IP is always the client IP?

AlexdD1979

1 Answer


Have you looked at the remoteip_module Apache module?

You need to include it; the configuration is simple:

    LoadModule remoteip_module modules/mod_remoteip.so
    RemoteIPHeader x-forwarded-for

My proxy is HAProxy; in the backend section:

    option forwardfor

The forwardfor option ensures the forwarded request includes the actual client IP address.

Then the remote_addr will be the client IP.

vandel
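
On the question of whether the first X-Forwarded-For entry can be trusted: everything to the left of what your own proxy appended is supplied by the client, so the usual approach is to walk the list from the right and stop at the first address that is not one of your proxies. The sketch below is an added example, not code from the posts above or from mod_remoteip; the trusted range 10.0.0.0/24 is an assumption based on the 10.0.0.x addresses in the question's log lines, and the other addresses are constructed documentation addresses.

```python
import ipaddress

# Assumption: the proxy / load balancer tier lives in this range (taken from
# the 10.0.0.x addresses in the question's log lines).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def leftmost(xff_header):
    """Naive choice: first entry of the header, which the client controls."""
    return xff_header.split(",")[0].strip()


def client_ip(peer, xff_header):
    """Address to use for allow-list decisions.

    peer is the TCP peer the web server sees (%h in the LogFormat);
    xff_header is the raw X-Forwarded-For value or None.
    """
    current = ipaddress.ip_address(peer)
    # A header delivered by a peer that is not one of our proxies is ignored.
    if not xff_header or not is_trusted(current):
        return str(current)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Each entry was reported by the hop to its right, so accept entries from
    # the right only while the reporting hop is a trusted proxy.
    for hop in reversed(hops):
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that parsed
        if not is_trusted(current):
            break  # everything further left was supplied by this address
    return str(current)


if __name__ == "__main__":
    # Constructed samples: (peer, X-Forwarded-For as received by Apache)
    samples = [
        ("10.0.0.215", "203.0.113.7"),
        ("10.0.0.215", "203.0.113.7, 10.0.0.12"),
        ("10.0.0.215", "198.51.100.10, 203.0.113.7"),  # first entry forged
        ("203.0.113.7", "198.51.100.10"),  # request bypassed the proxy
    ]
    for peer, xff in samples:
        print(f"{xff!r:32} leftmost={leftmost(xff):15} chosen={client_ip(peer, xff)}")
```

In mod_remoteip the corresponding setting is RemoteIPInternalProxy, which lists the proxy addresses whose header values are accepted.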