Get client IP in Apache HTTPD

Recover client IP address in Apache HTTPD logs as well as in application (PHP language), behind the ALOHA when using HAProxy.


Objective

Recover client IP address in Apache HTTPD logs as well as in application (PHP language), behind the ALOHA when using HAProxy.


Complexity

1


Versions

v3.x and later

ALOHA load balancer How to get X-forwarded-for data in Apache


Synopsis

Users send requests to web servers through the ALOHA Load-Balancer configured in Reverse-Proxy mode.

In this mode, the ALOHA uses its own IP address to get connected on the web servers, hiding the client IP address.

Unfortunately, the application hosted on web servers must know the client IP address. The ALOHA can be configured to send the client IP address in an HTTP header.

The RPAF module is installed on web servers in order to add Apache the ability to recover and record the IP address from a HTTP header.

By default, the ALOHA Load-Balancer use the HTTP header "X-Forwarded-For" to forward the client IP address.


Installation and configuration

Debian Squeeze 6.0 / Apache HTTPD 2

Debian proposes mod_rpaf in its repository. Installation is very basic:

sudo apt-get install libapache2-mod-rpaf
sudo a2enmod rpaf

Update the content of the file /etc/apache2/mods-enabled/rpaf.conf with the content below:

</IfModule rpaf_module>
RPAFenable On
RPAFsethostname On
# list your proxies IP address below
RPAFproxy_ips 10.0.0.1 10.0.0.2
</IfModule>
IPs 10.0.0.1 and 10.0.0.2 are the ALOHA cluster IP addresses

Restart apache

sudo service apache2 restart

Centos 5.x and 6.x / Apache HTTPD 2

Centos or Redhat don’t include mod_rpaf in their supported packages. We have to get sources and compile it by hand.

sudo yum install -y httpd-devel
cd /usr/src
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar xzvf mod_rpaf-0.6.tar.gz
ln -s mod_rpaf-0.6 mod_rpaf
cd mod_rpaf
sudo apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

Update the file /etc/httpd/conf.d/mod_rpaf.conf with the content below:

LoadModule rpaf_module modules/mod_rpaf-2.0.so
<IfModule rpaf_module>
RPAFenable On
RPAFsethostname On
# X-Forwarded-For is commonly used

# but could be overwritten with the directive below
RPAFheader X-Forwarded-For
# list your proxies IP address below
RPAFproxy_ips 10.0.0.1 10.0.0.2
</IfModule>
IPs 10.0.0.1 and 10.0.0.2 are the ALOHA cluster IP addresses

Restart apache

sudo service httpd restart

Client IP in PHP

The client IP is now available in the variable $_SERVER[’REMOTE_ADDR’].