Reverse proxy apache¶

A server behind a reverse proxy need some tweak to be able to get the real IP address of a client.

Open file /etc/apache2/apache.conf :
Change %h (client hostname) to %a (clientIP)

#LogFormat "%h %l %u %t \"%r\" %>s%O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

You also need to enable apache 2.4 mod remoteip (for apache 2.2, there is mod_rpaf)

#remoteip
RemoteIPHeader X-Forwarded-For
#RemoteIPTrustedProxy 192.168.1.3 # external lan ip? like cdn?
RemoteIPInternalProxy 192.168.1.3

Apache 2.2, mod_rpaf¶

aptitude install libapache2-mod-rpaf
a2enmod rpaf

and in /etc/apache2/conf.d/mod_rpaf :

RPAFenable On
RPAFsethostname On
RPAFproxy_ips a.b.c.d e.f.g.h
RPAFheader X-Forwarded-For