Suppose you have two web servers on your network, public Server A and private Server B. Maybe you want to publish some sections of your private server on internet using Apache proxy module. In this example, “users” path on www.server_a.com is redirected to www.server_b.com/users , because Server A is in the same private network as Server B is, Server A knows how to reach Server B and redirects the web requests to it. The problem here is that Server B will always have the IP of Server A in all requests (192.168.20.50).
Server A
Public IP: 85.164.26.20
Private IP: 192.168.20.50
ProxyRequests Off ProxyPreserveHost On ProxyPass /users http://www.server_b.com/users ProxyPassReverse /users http://www.server_b.com/users
Server B
Private IP: 192.168.20.51
To solve this problem you can use rpaf module for Apache2. Explanation from the author:
“It changes the remote address of the client visible to other Apache modules when two conditions are satisfied. First condition is that the remote client is actually a proxy that is defined in httpd.conf. Secondly if there is an incoming X-Forwarded-For header and the proxy is in it's list of known proxies it takes the last IP from the incoming X-Forwarded-For header and changes the remote address of the client in the request structure.”
In this case rpaf translates the remote address 192.168.20.50 to real client address sent in X-Forwarded-For header.
1- Install rpaf module on Server B
# apt-get install libapache2-mod-rpaf
2- Configure your virtualhost in Server B to use rpaf module:
RPAFenable On RPAFsethostname On RPAFproxy_ips 192.168.20.50
3- Restart apache
# apachect restart
Now, you will see the real client IP in your apache access logs.
8 thoughts to “Using rpaf Apache module to preserve client IP”