Difference between revisions of "Install mod extact forward - Show Real IP behind Proxy"
From Brian Nelson Ramblings
(→How to Show the Real IP when Behind a Proxy) |
(→How to Show the Real IP when Behind a Proxy) |
||
Line 3: | Line 3: | ||
If you are using a load-balancing proxy such as squid, apache itself or caching such as Varnish, you will only find the proxy’s IP in your apache’s access/error logs. One way to fix this issue is to install mod_extract_forwarded which is in the EPEL repo. | If you are using a load-balancing proxy such as squid, apache itself or caching such as Varnish, you will only find the proxy’s IP in your apache’s access/error logs. One way to fix this issue is to install mod_extract_forwarded which is in the EPEL repo. | ||
− | Lets first install the EPEL | + | ===Lets first install the EPEL Repo=== |
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm | wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm | ||
rpm -Uvh epel-release-6*.rpm | rpm -Uvh epel-release-6*.rpm | ||
− | + | ===Install mod_extract_forwarded with YUM=== | |
yum install mod_extract_forwarded | yum install mod_extract_forwarded | ||
Line 18: | Line 18: | ||
echo 'MEFaccept 127.0.0.2' >> /etc/httpd/conf.d/mod_extract_forwarded.conf | echo 'MEFaccept 127.0.0.2' >> /etc/httpd/conf.d/mod_extract_forwarded.conf | ||
− | Now make sure everything is setup correct with apache | + | ===Now make sure everything is setup correct with apache=== |
httpd -t | httpd -t | ||
Line 30: | Line 30: | ||
service httpd restart | service httpd restart | ||
− | Now just check your apache logs, you should be seeing the correct ip in the logs. | + | ===Now just check your apache logs, you should be seeing the correct ip in the logs.=== |
tail -f /var/log/httpd/access.log | tail -f /var/log/httpd/access.log |
Revision as of 19:59, 29 January 2014
Contents
How to Show the Real IP when Behind a Proxy
If you are using a load-balancing proxy such as squid, apache itself or caching such as Varnish, you will only find the proxy’s IP in your apache’s access/error logs. One way to fix this issue is to install mod_extract_forwarded which is in the EPEL repo.
Lets first install the EPEL Repo
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -Uvh epel-release-6*.rpm
Install mod_extract_forwarded with YUM
yum install mod_extract_forwarded
Be sure to enter only the IP address of YOUR load-balancing proxy, no other proxies or even all proxies, otherwise you could find many fake IP addresses in your logs. I am using Varnish Cache with the internal ipaddress of 127.0.0.2.
Now you need to add the proxy ipaddress to the configuration file
echo 'MEFaccept 127.0.0.2' >> /etc/httpd/conf.d/mod_extract_forwarded.conf
Now make sure everything is setup correct with apache
httpd -t
Once you get Syntax OK
httpd -k restart
or
service httpd restart
Now just check your apache logs, you should be seeing the correct ip in the logs.
tail -f /var/log/httpd/access.log