Apache httpd mod_remoteip fails to work
Issue
-
Setup a simple 2-node reverse proxy setup -- i.e., one frontend system using
ProxyPass&ProxyPassReverseto forward to another backend system, e.g.:[root@frontend ~]# echo ProxyPass / http://backend.example.com/ >/etc/httpd/conf.d/proxy-to-backend.conf [root@frontend ~]# echo ProxyPassReverse / http://backend.example.com/ >>/etc/httpd/conf.d/proxy-to-backend.conf -
Make sure the backend system has mod_remoteip loaded
[root@backend ~]# grep -r mod_remoteip /etc/httpd/ /etc/httpd/conf.modules.d/00-base.conf:LoadModule remoteip_module modules/mod_remoteip.so -
Declare
RemoteIPHeaderon the backend and ensure access logging includes the%atoken, e.g.:[root@backend ~]# echo RemoteIPHeader X-Forwarded-For >/etc/httpd/conf.d/remoteip.conf [root@backend ~]# echo 'LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" modremoteip >>/etc/httpd/conf.d/remoteip.conf [root@backend ~]# echo 'CustomLog "logs/test-modremoteip" modremoteip' >>/etc/httpd/conf.d/remoteip.conf -
Test getting content from the frontend and notice the IP that shows up in the backend log is not the IP of the originating requester (which would signify that mod_remoteip was doing its job), but instead it is still the IP of the frontend proxy server
Environment
- Apache HTTP Server v2.4 from one of:
- Red Hat Enterprise Linux (RHEL) 7
- Red Hat Software Collections (RHSCL)
- Red Hat JBoss Web Server (JWS) 3
- Red Hat JBoss Core Services (JBCS)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.