cloudflare

Apache Show Real IP Address when using CloudFlare

When using Apache web server behind cloudflare, apache logs show cloudflare IP address instead of real visitor IP address. To show actual visitor IP address, you need to install mod_cloudflare apache module.

Before you can install the module, you need to install following requirments.

On Debian/Ubuntu server,

Now install mod_cloudflare with

Restart apache web server with

Verify mod_cloudflare apache module is loaded with

apache cloudflare module

Redirect site to HTTPS excluding a folder

On a web site, customer need to redirect all pages to HTTPS, but want to keep files in one of the folder on HTTP.

For this, i used following in .htaccess file.

Here any url like yourdomain.extn/auth/ will not get redirected to HTTPS.

See Redirect

apache-http-webserver

Apache Show Real IP Behind Reverse Proxy on CentOS

When Apache web server running behind reverse proxy or load balancer, server log and scripts show IP of reverse proxy server or load balancer as IP of visitor. To fix this, you need to configure revese proxy or load balancer to forward Real IP of visitor on Header X-Forwarded-For, this most load balacner do by default.

Edit Apache configuration file

Add

Example

Doing this will make PHP scripts show real IP of visitor. You need to restart Apache web server before the change take effect. You can verify by creating a PHP script with content

To make Apache show real IP in access log, edit

Find

Replace with

Restart Apache web server

Apache run web site as user with mod_ruid2

mod ruid2 allow you to run web site as differnt user from the one web server is running. This is helpfull when you have multiple web sites on same Apache web server.

To install mod_ruid2 on Ubuntu/Debian server, run

Edit VirtualHost entry for the web site, add

Restart Apache

Now website will run as user specified in line

Example

See Apache

apache-http-webserver

Apache Increase FD limit

On CentOS 7 sevrer running apache, when try to install plugin in WordPress admin area, i get error

This is due to Apache File Descriptor Limits.

To see current Limits, use following PHP script

To see system wide limits, use following commands

Normally this will be high value. You need to increse limit for user running Apache. On CentOS 7, the username is “apache”. To increase limit for this user, edit

Add following lines

To verify, we need to login as user Apache, and verify limits, for this, lets enable SSH or bash terminal for user apache. By default no SSH login allowed for this user.

Now change to user, verify the limits

Exit back to root, disable shell for user apache with command.

We need to edit service file for Apache. Default service file look like following.

Find

Add below

Method 2

create file

Add

Reload service file with

Restart Apache

See Apache

gunicorn behind Apache web server

gunicorn is a python application server used to run python applications in production. This is normally run behind web servers like nginx or apache.

To configre gunicorn behind apache, enable following apache modules.

Restart apache web server

For web site running pythin application, add a virtual host like following.

Apache Invalid command AuthGroupFile

On Plesk server, i get following error on error_log for a site

This is because authz_groupfile apache module was not loaded. To load this, run

To verify the module is loaded, run

Apache Limit access to a url

I want to limit access to admin login url of a web application to specified IP address.

The web site had admin login in following URL

https://domain.com/login

To limit IP address, i edited Apache VirtualHost configuration for this web site, added

Restart apache

Or

Now only IP listed on the Allow from directive are allowed to access the /login URL.

NOTE: this won’t work in .htaccess file. You need to add it in Apache VirtualHost.