In a situation where Apache is sitting behind a reverse proxy (such as Squid), the CGI environment variable REMOTE_ADDR gets the address of the proxy rather than the client. However, the proxy will set a header called X-Forwarded-For to contain the original IP address of the client so that Apache can see it. The question is, how do we get Apache to replace REMOTE_ADDR with the value in the X-Forwarded-For header so that all of the web applications will transparently see the correct address?
Yes. Add the mod_remoteip package to the Apache behind the proxy server. mod_remoteip replaces the IP address of the proxy server with the value of X-Forwarded-For, which contains the original IP address of the web client. Remember to always use this with RemoteIPInternalProxy or a similar security feature.
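Why the RemoteIPInternalProxy advice in the answer above matters, as an added example (not code from the answer or from mod_remoteip): a small Python model of the trust rule, in which X-Forwarded-For is honoured only when the TCP peer is one of your own proxies. The function name, the 10.0.0.0/8 proxy range and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress


def effective_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address a backend should treat as the client.

    peer_ip         -- source IP of the TCP connection (cannot be set by a header)
    xff_header      -- raw X-Forwarded-For value, or None if absent
    trusted_proxies -- CIDR strings for the proxies you operate (assumed values)
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    current = ipaddress.ip_address(peer_ip)
    if not xff_header:
        return str(current)

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Each proxy appends the address it received the request from, so the
    # rightmost entry is the most recent hop. Walk right to left and accept
    # an entry only if the host that reported it is a trusted proxy.
    for hop in reversed(hops):
        if not is_trusted(current):
            break  # reported by an untrusted host: ignore it and everything left of it
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could vouch for
    return str(current)


if __name__ == "__main__":
    proxies = ["10.0.0.0/8"]  # constructed: internal reverse-proxy range
    # Request relayed by our proxy: header is honoured.
    print(effective_client_ip("10.0.0.5", "203.0.113.7", proxies))
    # Direct connection carrying its own header: header is ignored.
    print(effective_client_ip("198.51.100.9", "10.1.1.1", proxies))
    # Client pre-filled the header before reaching our proxy: only the
    # entry appended by the trusted proxy is used.
    print(effective_client_ip("10.0.0.5", "192.0.2.1, 203.0.113.7", proxies))
```
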
Yes, it's safe. It is the source IP of the TCP connection and can't be substituted by changing an HTTP header.
You can use mod_rpaf for that. http://stderr.net/apache/rpaf/