cb2.0 nginx_apache how to get real ip

[alect]

I tried to install cb2.0 nginx_apache yesterday,apache can't get the real client ip

Apache/2.4.10 nginx 1.6.1
I edit the httpd.conf file to use built-in module mod_remoteip.so

#LoadModule remoteip_module /usr/lib/apache/mod_remoteip.so
RemoteIPHeader X-Real-IP
RemoteIPInternalProxy 127.0.0.1

but i still can't get the real client ip,the server-status page show all 127.0.0.1

any suggestion？

 

[zEitEr]

Hello,

It gets real IPs, you may see in $_SERVER with PHP or in apache logs; but it shows incorrect IP in apache's server status.

Make sure to have unzip installed on your server:

RHEL/CentOS

yum install unzip

Debian/Ubuntu

apt-get install unzip

You need to install mod_rpaf for that, as remoteip is buggy in this case:

cd /usr/local/src
wget [URL]https://github.com/y-ken/mod_rpaf/archive/master.zip[/URL]
unzip master.zip
cd mod_rpaf-master
/bin/sed -i "s/remote_/client_/g" mod_rpaf-2.0.c
make && make install

and insert following instructions:

LoadModule rpaf_module      /usr/lib/apache/mod_rpaf-2.0.so
<IfModule mod_rpaf-2.0.c>
    RPAFenable On
    RPAFproxy_ips 127.0.0.1 11.22.33.44
    RPAFsethostname On
    RPAFheader X-Client-IP
</IfModule>

into /etc/httpd/conf/extra/httpd-includes.conf

and replace 11.22.33.44 with a list of all public ips on your network device.

and restart apache.

 

[alect]

thanks alex,I will try about it.

 

[smtalk]

You can still see real IPs in logs. Please participate in https://issues.apache.org/bugzilla/show_bug.cgi?id=55886, if you'd like to see the bug with mod_status fixed.

 

[alect]

it works.thanks.
but When I use Cloudflare or Incapsula CDN services,it seems only show client ip of the proxy ips(cloudflare ips or incapsula ips),
and i have already added their ips to the list.any suggestion?

 

[zEitEr]

Do they [Cloudflare or Incapsula CDN] send a real ip of your visitors and how?

 

[alect]

thank you all folks.
I have found answer via http://centminmod.com/nginx_configure_cloudflare.html

I have to modify nginx instead of apache.

simplely add these code to /etc/nginx/nginx.cof and it works.

# Incapsula
set_real_ip_from 199.83.128.0/21;
set_real_ip_from 198.143.32.0/19;
set_real_ip_from 149.126.72.0/21;
set_real_ip_from 103.28.248.0/22;
set_real_ip_from 45.64.64.0/22;
set_real_ip_from 185.11.124.0/22;
set_real_ip_from 192.230.64.0/18;
real_ip_header X-Forwarded-For;

 

[zEitEr]

You probably need to replace

real_ip_header X-Forwarded-For;

with

real_ip_header X-Client-IP;

in nginx.conf and remember to modify /usr/local/directadmin/custombuild/configure/nginx_reverse/conf/nginx.conf and copy it to /usr/local/directadmin/custombuild/custom/nginx_reverse/conf/nginx.conf

 

[alect]

@zEitEr,
so far it works fine now,
I have checked the httpd logs,
everything looks good,and apache server-status page shows correct ips.

 

[zEitEr]

To protect your changes in nginx.conf you are recommended to put them into /usr/local/directadmin/custombuild/configure/nginx_reverse/conf/nginx.conf and copy it to /usr/local/directadmin/custombuild/custom/nginx_reverse/conf/nginx.conf. Otherwise you might lose them.

 

[smtalk]

Some news: ap_get_remote_host() should be fixed today in Apache trunk so that server/core.c would correctly return useragent_ip, and not client_ip And patching could be included into CB 2.0 then.

 

[smtalk]

A patch is now added to CB 2.0 So, "./build update; ./build apache" is enough to fix the problem

 

[gate2vn]

I hate to re-open an old thread, but I am facing to this trouble in 2 servers. Both are running DA 1.49.1 with CB 2.0.0 (rev: 1457). Server-status page always shows the server IP, not user IPs. Here is the compiled modules. Do I miss anything?

# httpd -l
Compiled in modules:
core.c
mod_authn_file.c
mod_authn_dbm.c
mod_authn_anon.c
mod_authn_dbd.c
mod_authn_socache.c
mod_authn_core.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_dbm.c
mod_authz_owner.c
mod_authz_dbd.c
mod_authz_core.c
mod_access_compat.c
mod_auth_basic.c
mod_auth_form.c
mod_auth_digest.c
mod_allowmethods.c
mod_file_cache.c
mod_cache.c
mod_cache_disk.c
mod_cache_socache.c
mod_socache_shmcb.c
mod_socache_dbm.c
mod_socache_memcache.c
mod_so.c
mod_macro.c
mod_dbd.c
mod_dumpio.c
mod_buffer.c
mod_ratelimit.c
mod_reqtimeout.c
mod_ext_filter.c
mod_request.c
mod_include.c
mod_filter.c
mod_substitute.c
mod_sed.c
mod_deflate.c
http_core.c
mod_mime.c
mod_log_config.c
mod_log_debug.c
mod_logio.c
mod_env.c
mod_expires.c
mod_headers.c
mod_unique_id.c
mod_setenvif.c
mod_version.c
mod_remoteip.c
mod_proxy.c
mod_proxy_connect.c
mod_proxy_ftp.c
mod_proxy_http.c
mod_proxy_fcgi.c
mod_proxy_scgi.c
mod_proxy_wstunnel.c
mod_proxy_ajp.c
mod_proxy_balancer.c
mod_proxy_express.c
mod_session.c
mod_session_cookie.c
mod_session_dbd.c
mod_slotmem_shm.c
mod_ssl.c
mod_lbmethod_byrequests.c
mod_lbmethod_bytraffic.c
mod_lbmethod_bybusyness.c
mod_lbmethod_heartbeat.c
mod_unixd.c
mod_dav.c
mod_status.c
mod_autoindex.c
mod_info.c
mod_suexec.c
mod_cgi.c
mod_dav_fs.c
mod_dav_lock.c
mod_vhost_alias.c
mod_negotiation.c
mod_dir.c
mod_actions.c
mod_speling.c
mod_userdir.c
mod_alias.c
mod_rewrite.c

 

[smtalk]

What's the version of apache? Please check "httpd -v".

 

[gate2vn]

I am using 2.4.17. But all are fine after running "./build rewrite_confs". Is that command fixing apache/nginx only, or other configurations such as exim, ftp, etc. too?

Thanks.

 

[smtalk]

The command affects WWW server configs only (in your case nginx&apache).

 

[gate2vn]

It would be nice that the command shows what it did with the config, or at least which file it restored

Thanks.

 

[NaSRi]

For people who are looking for cloudflare on apache use this guide
https://support.cloudflare.com/hc/e...-restore-original-visitor-IP-with-Apache-2-4-