Obtaining the connecting clients IP address (Real IP) with Apache
Apache is one of the most popular Open Source webservers available. It is possible to retrieve the connecting users IP address from the X-Real-IP
header through the mod_rpaf
or mod_remoteip
module for Apache 2. If you use mod_rpaf on the backend server you do not need to use any module or server side technology to set the remote_ip of the real client you are serving.
On Apache 2.4 or higher mod_remoteip
is available and recommended. For earlier versions mod_rpaf
should be used and is detailed below.
mod_remoteip (Apache 2.4)
Module configuration is pretty simple; there are only two directives to set - RemoteIPInternalProxy and RemoteIPHeader. With the former you can define which IP's are your frontend proxies that send the correct X-Forwarded-For headers. If you do not use the RemoteIPInternalProxy directive then the module will not change the remote address of the incoming connection at any time. With the configuration directive RemoteIPHeader you can now change the default X-Forwarded-For to X-Real-IP if you so choose.
Installation of mod_remoteip on Debian
Install the
libapache2-mod-remoteip
package using your favorite package manager:apt-get install libapache2-mod-remoteip
Enable
mod_remoteip
by executing:a2enmod remoteip
Restart Apache to activate these changes:
/etc/init.d/apache2 restart
Edit the RPAF configuration file at
/etc/apache2/mods-available/remoteip.conf
with your favorite text editor.nano /etc/apache2/mods-available/remoteip.conf
Your configuration should be similar to:
RemoteIPInternalProxy A.B.C.D RemoteIPHeader X-Real-IP
Where "A.B.C.D" is, add your backend communication addresses, multiple addresses can be space separated. This will tell mod_remoteip which hosts to get X-Real-IP headers from.
mod_rpaf (Apache 2.2 or lower)
Module configuration is pretty simple; there are only two directives to set - RPAFenable and RPAFproxy_ips. With the later you can define which IP's are your frontend proxies that send the correct X-Forwarded-For headers. If you do not use the RPAFproxy_ips directive then the module will not change the remote address of the incoming connection at any time. RPAFsethostname will, when enabled, take the incoming X-Host header and update the VirtualHost settings accordingly.
Apache RPAF version 0.6 or higher gives you the ability to change which header Apache looks at. With the configuration directive RPAFheader you can now change the default X-Forwarded-For to X-Real-IP if you so choose. There are also bugfixes in this version that makes mod_rpaf work correctly with Keep-Alive requests. We recommend using this version or later. mod_rpaf is the most thorough solution for apache2 if you are using AWStats, Webalizer as it retrieves the IP at the server level (not the backend level) so the client IP is stored correctly in logs and statistics.
Installation of mod_rpaf on Debian
Install the
libapache2-mod-rpaf
package using your favorite package manager:apt-get install libapache2-mod-rpaf
Enable
mod_rpaf
by executing:a2enmod rpaf
Restart Apache to activate these changes:
/etc/init.d/apache2 restart
Edit the RPAF configuration file at
/etc/apache2/mods-available/rpaf.conf
with your favorite text editor.nano /etc/apache2/mods-available/rpaf.conf
Your configuration should be similar to:
RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 A.B.C.D RPAFheader X-Real-IP
Where "A.B.C.D" is, add your proxy server IP address(es), multiple addresses can be space separated. This will tell mod_rpaf which hosts to get X-Real-IP headers from.
Installation of mod_rpaf on CentOS from Source
The below instructions can be used to install mod_rpaf on CentOS 5 and CentOS 6. It can also be used to install mod_rpaf on RHEL and Fedora Core.
Note: You must make sure that the Apache2 Development Package (CentOS httpd-devel) is installed on your server before you start installing mod_rpaf using the below instructions.
Ensure that the package
httpd-devel
is installed. To install this package run:yum install httpd-devel
Download and Extract the mod_rpaf package:
cd /usr/local/src wget http://mirror.trouble-free.net/sources/mod_rpaf-0.6.tar.gz tar xzvf mod_rpaf-0.6.tar.gz cd mod_rpaf-0.6
Build and install mod_rpaf:
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
Add mod_rpaf to Apache configuration:
nano /etc/httpd/conf/httpd.conf
Find the 'LoadModule' list (near the top) and add the following lines at the bottom of the 'LoadModule' list:
LoadModule rpaf_module modules/mod_rpaf-2.0.so RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 A.B.C.D RPAFheader X-Real-IP
Important Note: Where "A.B.C.D" is, add your proxy server IP address(es), multiple addresses can be space separated. This will tell mod_rpaf which hosts to get X-Real-IP headers from.
You are now finished. Restart Apache using below commands for the changes to take place:
/etc/init.d/httpd restart
More Information
More information on the X-Real-IP header can be found here. More information on the Apache (httpd) web server can be found on the project website and documentation for the mod_rpaf module.
If you run Apache 2.4 or 2.5, use mod_remoteip instead.