Thursday 13 March 2014

mod_reveseproxy: extract client IP from reverse proxy

If you setup Apache 2.4 With mod_remoteip, the apache extendedstatus always gives you the proxy IP, instead of client IP, actually this is due to that the mod_status  set client IP very early when there is a TCP connection but no headers, Apache 2.4 allows per-request notion of overriding the client address, but not at this early stage. To overcome this issue, I would suggest you to use mod_reveseproxy apache module, the modules is completely based on mod_cloudflare and mod_remoteip.


To install, follow the instructions on:


wget https://raw.github.com/Prajithp/mod_reverseproxy/master/mod_reverseproxy.c
apxs -i -c -n mod_reverseproxy.so mod_reverseproxy.c


Configuration Directives


ReverseProxyEnable           (On|Off)          - Enable reverse proxy

ReverseProxyRemoteIPHeader X-Real-IP - The header to use for the real IP
address.
ReverseProxyRemoteIPTrusted 127.0.0.1 - What IPs to adjust requests for


Example Configuration




LoadModule reverseproxy_module modules/mod_reverseproxy.so

<IfModule reverseproxy_module>
ReverseProxyEnable  On
ReverseProxyRemoteIPHeader X-Real-IP
ReverseProxyRemoteIPTrusted 127.0.0.1
ReverseProxyRemoteIPTrusted 46.105.160.192
</IfModule>



NOTES:


  • If mod_cloudflare or mod_remoteip are already loaded on the same web server, the web server will crash because both modules try to set the remote IP to a different value.

https://github.com/Prajithp/mod_reverseproxy




mod_reveseproxy: extract client IP from reverse proxy

No comments:

Post a Comment