Posted By : GloboTech Communications

How to get X-Forwarded-For IP addresses in Apache Web Server

X-Forwarded-For, or XFF for short, is a especial HTTP header field that is normally used to identify the originating customer IP address whether or not they are connecting to the server through an HTTP proxy or a load balancer. such web hosting cases where the web server is behind a proxy or a load halter are extremely common, and therefore arises the necessity to be able to log the actual customer ’ s IP address in your system rather of the proxy or load halter IP. In order to be able to identify the node, you will need to configure your spinal column end Apache HTTP Web Server to be able to use the XFF header and render the real customer IP in its log files. otherwise, your Apache server will by default log alone the receiving IP from the connecting proxy or load halter .
This template will show you how you can configure your Apache network waiter to use the X-Forwarded-For header data so that you can avoid corrupt or incorrect logged data when behind a proxy or load balancer. eminence that if your landscape besides uses GeoLocation systems behind your proxy or warhead halter, your geolocation data will be besides corrupt if you do not use the XFF headers.

Getting Started

• 1 Server ( Cloud Server or Dedicated Server ) with install Apache HTTP Web Server


X-Forwarded-For in Practice
We will cover setting up your back end web server to use the limited X-Forwarded-For HTTP header by using the exercise of CloudFlare. CloudFlare is a popular protection serve against Distributed Denial of Service ( DDoS ) attacks and basically acts as a proxy for your network servers. By acting as a reversion proxy for all incoming traffic to your web server, CloudFlare sends all traffic beginning to its own servers for DDoS signal detection before they reach your server .
This beneficial service however comes with the drawback that your web server will process all traffic it receives as originating from the CloudFlare server. This means that in cases where your web lotion relies on the originating visitor IP, it will rather pick up lone the CloudFlare IP address alternatively of the actual original customer ’ s IP address, therefore possibly breaking the application logic and corrupting data such as network traverse. The content of your web server access logs would merely contain the CloudFlare IP address listed as the $ remote_addr. If you use originating IP for GeoLocalisation purposes, you will see your data as though all connections originated precisely from one IP, ruining the location data .
due to the importance of being able to correctly identify your actual originate node, CloudFlare and other such services follow industry standards to include the original visitor ’ s IP address in the X-Forwarded-For header .
Loading the remoteip Module in Apache
In ordering to omit the IP address of the proxy overhaul ( such as CloudFlare ) and rather use the real customer IP, we will need to activate a particular Apache module known as remoteip when using Apache translation 2.4 or higher .
The remoteip faculty is used to treat the useragent, the identify node, initiating the request as the actual customer address, and not the potential load halter, proxy, or early front end waiter address that Apache may be receiving. This means that your Apache web server will rather override the node IP address that it receives as the original useragent, such as the CloudFlare server IP address, in orderliness to rather prefer the raw useragent address from the XFF header as given by the RemoteIPHeader directing .
fortunately, this module is built by nonpayment in your Apache waiter facility and should not require an Apache recompilation. rather, all you have to do is activate remoteip. As ancestor or using the command sudo with a exploiter possessing superuser privileges, execute the following command :
a2enmod remoteip
If you are using sudo, your command will rather look like :
sudo a2enmod remoteip
future, open the Apache server shape file. Depending on your system, this file called apache2.conf will be located in /etc/httpd/conf or /usr/local/apache2/conf. Open the file in a text editor such as nano after navigating to its location :
nano apache2.conf
In the file, search for the follow line :
#LoadModule remoteip_module modules/
Remove the first base # if present from the line so it alternatively looks as follows. then, close and save the file .
LoadModule remoteip_module modules/
Defining Your Proxies and Services
once the remoteip module has been loaded, you will need to edit the Apache distant IP shape file. If it does not yet exist, create it in /etc/apache/conf-available/remoteip.conf. Open the file for editing in your choose text editor program, such as nano shown below :

nano /etc/apache/conf-available/remoteip.conf
The contents of the remoteip.conf file represent your proxy servers or services such as CloudFlare. To add a proxy with the internal IP address in regulate to represent the CloudFlare server for exemplar, you would need to add the following lines :
RemoteIPHeader X-Forwarded-For

You can add as many proxy definitions as you need to the remoteip.conf file in order to configure the use of XFF headers for dealings coming from those proxies when using multiple services or load balancers. An exercise of adding multiple proxies is shown below :
RemoteIPHeader X-Forwarded-For

note that if the end-user has an IP in the inner network however, RemoteIPTrustedProxy as used above will not work. To besides accept home net IPs if it suits your environmental needs, you will need to rather use the following to define your proxies in the configuration charge :
RemoteIPHeader X-Forwarded-For

Save and exit the charge when you are finished .
Configuring Apache Log Formats to Use X-Forwarded-For
adjacent, you will need to modify the log format used by Apache. Open the apache2.conf file in a text editor. Again, this file may be located in /etc/httpd/conf or /usr/local/apache2/conf depending on your system. Navigate to its placement and open the file in a text editor program :
nano apache2.conf
search for the LogFormat agate line within the file. The standard log format for Apache is shown below, you will likely see something exchangeable in your file a well .
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combined
This format captures the header with the % h field, which will use the CloudFlare proxy address in our example by nonpayment. Since we want to rather use the originating customer IP address in log, you will have to modify the LogFormat definition to look as follows :
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
Notice how we have replaced the original heading sphere stead ( % henry ) with the airfield % a. This is the X-Forwarded-For field that is responsible for displaying the correct originating node IP address and would be sent by services such as CloudFlare. Wherever you have a log format definition, replace the % henry with % a to use X-Forwarded-For .
With Apache being highly configurable, you can further modify the log format until it is well suited to your landscape and web applications by playing around with the placement of the XFF header airfield. When you are satisfied with the final format, save and exit the file. Next, you will need to reload Apache in orderliness for your changes to take into impression .
Before reloading the server, you can verify that your shape has no errors in it by using the Apache command apache2ctl :
apache2ctl configtest
If the previous step outputs no errors, you can feel safe reloading to the newfangled shape to start using XFF. Use the service command to restart the Apache web server :

service apache2 restart


once your Apache world wide web waiter restarts, it will begin logging the compensate customer IP savoir-faire information in home of any jobber services you may be using in your landscape. You can rest easy knowing that if you do use a proxy or other similar service, your node information data will be 100 % preserved. share this tutorial with your friends if you found it useful !

beginning :
Category : Website hosting

Leave a Reply

Your email address will not be published.