Obtaining the connecting clients IP address (Real IP) with Apache
Apache is one of the most popular Open Source webservers available. It is possible to retrieve the connecting users IP address from the
X-Real-IP header through the
mod_rpaf module for Apache 2. If you use mod_rpaf on the backend server you do not need to use mod_perl or server side technology to set the remote_ip of the real client you are serving.
Module configuration is pretty simple; there are only two directives to set - RPAFenable and RPAFproxy_ips. With the later you can define which IP's are your frontend proxies that send the correct X-Forwarded-For headers. If you do not use the RPAFproxy_ips directive then the module will not change the remote address of the incoming connection at any time. RPAFsethostname will, when enabled, take the incoming X-Host header and update the VirtualHost settings accordingly.
Apache RPAF version 0.6 or higher gives you the ability to change which header Apache looks at. With the configuration directive RPAFheader you can now change the default X-Forwarded-For to X-Real-IP if you so choose. There are also bugfixes in this version that makes mod_rpaf work correctly with Keep-Alive requests. We recommend using this version or later. mod_rpaf is the most thorough solution for apache2 if you are using AWStats, Webalizer as it retrieves the IP at the server level (not the backend level) so the client IP is stored correctly in logs and statistics.
Installation of mod_rpaf on Debian
libapache2-mod-rpafpackage using your favorite package manager:
apt-get install libapache2-mod-rpaf
Restart Apache to activate these changes:
Edit the RPAF configuration file at
/etc/apache2/mods-available/rpaf.confwith your favorite text editor.
Your configuration should be similar to:
RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 A.B.C.D RPAFheader X-Real-IP
Where "A.B.C.D" is, add your proxy server IP address(es), multiple addresses can be space separated. This will tell mod_rpaf which hosts to get X-Real-IP headers from.
Installation of mod_rpaf on CentOS from Source
The below instructions can be used to install mod_rpaf on CentOS 5 and CentOS 6. It can also be used to install mod_rpaf on RHEL and Fedora Core.
Note: You must make sure that the Apache2 Development Package (CentOS httpd-devel) is installed on your server before you start installing mod_rpaf using the below instructions.
Ensure that the package
httpd-develis installed. To install this package run:
yum install httpd-devel
Download and Extract the mod_rpaf package:
cd /usr/local/src wget http://mirror.trouble-free.net/sources/mod_rpaf-0.6.tar.gz tar xzvf mod_rpaf-0.6.tar.gz cd mod_rpaf-0.6
Build and install mod_rpaf:
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
Add mod_rpaf to Apache configuration:
Find the 'LoadModule' list (near the top) and add the following lines at the bottom of the 'LoadModule' list:
LoadModule rpaf_module modules/mod_rpaf-2.0.so RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 A.B.C.D RPAFheader X-Real-IP
Important Note: Where "A.B.C.D" is, add your proxy server IP address(es), multiple addresses can be space separated. This will tell mod_rpaf which hosts to get X-Real-IP headers from.
You are now finished. Restart Apache using below commands for the changes to take place:
If you run Apache 2.4 or 2.5, use mod_remoteip instead.