{"id":590,"date":"2013-01-14T11:46:44","date_gmt":"2013-01-14T10:46:44","guid":{"rendered":"http:\/\/elkano.org\/blog\/?p=590"},"modified":"2013-01-14T11:48:37","modified_gmt":"2013-01-14T10:48:37","slug":"using-rpaf-apache-module-to-preserve-client-ip","status":"publish","type":"post","link":"https:\/\/elkano.org\/blog\/using-rpaf-apache-module-to-preserve-client-ip\/","title":{"rendered":"Using rpaf Apache module to preserve client IP"},"content":{"rendered":"

Suppose you have two web servers on your network, public Server A and private Server B. Maybe you want to publish some sections of your private server on internet using Apache proxy module. In this example, “users” path on www.server_a.com is redirected to www.server_b.com\/users , because Server A is in the same private network as Server B is, Server A knows how to reach Server B and redirects the web requests to it. The problem here is that Server B will always have the IP of Server A in all requests (192.168.20.50).<\/p>\n

Server A<\/strong>
\nPublic IP<\/span>: 85.164.26.20
\nPrivate IP<\/span>: 192.168.20.50<\/p>\n

 ProxyRequests Off\r\n ProxyPreserveHost On\r\n ProxyPass \/users http:\/\/www.server_b.com\/users\r\n ProxyPassReverse \/users http:\/\/www.server_b.com\/users<\/pre>\n
Server B<\/strong>
\nPrivate IP<\/span>: 192.168.20.51<\/p>\n
To solve this problem you can use rpaf<\/a> module for Apache2. Explanation from the author: <\/p>\n
“It changes the remote address of the client visible to other Apache modules when two conditions are satisfied. First condition is that the remote client is actually a proxy that is defined in httpd.conf. Secondly if there is an incoming X-Forwarded-For header and the proxy is in it's list of known proxies it takes the last IP from the incoming X-Forwarded-For header and changes the remote address of the client in the request structure.”<\/em><\/p>\n
In this case rpaf translates the remote address 192.168.20.50 to real client address sent in X-Forwarded-For header.<\/p>\n
1- Install rpaf module on Server B<\/p>\n
# apt-get install libapache2-mod-rpaf<\/pre>\n
2- Configure your virtualhost in Server B to use rpaf module:<\/p>\n
RPAFenable On\r\nRPAFsethostname On\r\nRPAFproxy_ips 192.168.20.50<\/pre>\n
3- Restart apache<\/p>\n
\r\n# apachect restart\r\n<\/pre>\n
Now, you will see the real client IP in your apache access logs.<\/p>\n","protected":false},"excerpt":{"rendered":"
Suppose you have two web servers on your network, public Server A and private Server B. Maybe you want to publish some sections of your private server on internet using Apache proxy module. In this example, “users” path on www.server_a.com is redirected to www.server_b.com\/users , because Server A is in the same private network as […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[75,77,76],"_links":{"self":[{"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/posts\/590"}],"collection":[{"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/comments?post=590"}],"version-history":[{"count":15,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/posts\/590\/revisions"}],"predecessor-version":[{"id":605,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/posts\/590\/revisions\/605"}],"wp:attachment":[{"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/media?parent=590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/categories?post=590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/elkano.org\/blog\/wp-json\/wp\/v2\/tags?post=590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}