Pedro Salazar Pedro Salazar - 1 month ago 6
Apache Configuration Question

Can't get Logs to Show Real IP w/ mod_remoteip and Sucuri

Really hope someone can help. I'm trying to the use the Sucuri CloudProxy reverse proxy on my new site.

To try and get the real IP I've installed mod_remoteip.so and it's loaded in my HTTPD config file (/etc/httpd/conf/httpd.conf):

LoadModule remoteip_module /usr/lib64/httpd/modules/mod_remoteip.so


I've also created /etc/httpd/conf.d/mod_remoteip.conf and in there I've added:

LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader HTTP_X_SUCURI_CLIENTIP
RemoteIPHeader HTTP_X_FORWARDED_FOR
RemoteIPHeader HTTP_X_REAL_IP
RemoteIPTrustedProxy 2a02:fe80::/29
RemoteIPTrustedProxy 192.88.134.0/23


Per their instructions here: https://kb.sucuri.net/cloudproxy/Troubleshooting/same-user-ip

I'm running Apache 2.4.6

httpd -v
Server version: Apache/2.4.6 (CentOS)


I'm also on CentOS 7:

cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)


I've restarted apache multiple times, even tried rebooting, but no matter what I do I can't seem to get the real IP to show up in the logs.

I am using the right log format I believe:

#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined


I replaced %h with %a because I was reading on some troubleshooting pages that it had helped, but in my case it didn't. This was the site I was referencing: https://trick77.com/apache2-2-4-logging-remote-ip-address-using-mod_remoteip/

I'm reached the end of my wits.. :(.. any help is greatly appreciated..

Answer

It seems like your "RemoteIPHeader" is not configured properly. Remove what you have there and try to set it only as:

RemoteIPHeader X-Forwarded-For

And it should work. Hope it helps.

thanks,

Comments