mod_rpaf

Posted on by

When Apache is behind a load balancer, frequently the load balancer IP will be recorded in the access/error logs instead of the actual client IP. This module modifies the inbound requests to show the actual client IP instead of the load balancer IP. This does not work for every load balancer.

This guide assumes you built Apache from source using my guide.

1. Download the mod_rpaf source from http://stderr.net/apache/rpaf/download/
2. Untar the source tarball
3. As root run

/usr/local/apache/bin/apxs -ci mod_rpaf-2.0.c

4. The module will be installed correctly in /usr/local/apache/modules
5. Create a new folder called custom under /usr/local/apache/conf
6. Create a file called httpd-modrpaf.conf in /usr/local/apache/conf/custom with the following content

LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 1.2.3.4
RPAFheader X-Forwarded-For

7. Replace 1.2.3.4 with the IP address of the load balancer.
8. Update the RPAFheader with the correct value if your load balancer does not pass “X-Forwarded-For”.
9. Make sure you include the new “custom” folder in your main httpd.conf

Include /usr/local/apache/conf/custom/*.conf

10. Restart Apache web server

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w
Cancel

Connecting to %s