Apache Show Real IP Behind Reverse Proxy on CentOS
When Apache web server running behind reverse proxy or load balancer, server log and scripts show IP of reverse proxy server or load balancer as IP of visitor. To fix this, you need to configure revese proxy or load balancer to forward Real IP of visitor on Header X-Forwarded-For, this most load balacner do by default.
Edit Apache configuration file
1 |
vi /etc/httpd/conf.d/remoteip.conf |
Add
1 2 |
RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy IP_OF_YOUR_PROXY_SERVER_HERE |
Example
1 2 3 4 |
[root@localhost ~]# cat /etc/httpd/conf.d/remoteip.conf RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 192.168.122.1 [root@localhost ~]# |
Doing this will make PHP scripts show real IP of visitor. You need to restart Apache web server before the change take effect. You can verify by creating a PHP script with content
1 |
<?php echo $_SERVER["REMOTE_ADDR"]; |
To make Apache show real IP in access log, edit
1 |
vi /etc/httpd/conf/httpd.conf |
Find
1 |
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined |
Replace with
1 |
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined |
Restart Apache web server
1 |
systemctl restart httpd |