Apache/Varnish/PHP: Just to confirm, is it possible to automatically update $_SERVER['REMOTE_ADDR'] to have the real client's IP?

apache-2.2 php varnish

I just cannot seem to get the real client IP to show in PHP's $_SERVER['REMOTE_ADDR']. It shows in $_SERVER['X_FORWARDED_FOR'], but the $_SERVER['REMOTE_ADDR'] always points to the Varnish service IP.

I've played around with just about every Varnish vcl suggestion I could find. I've installed Apache module mod_rpaf. But I still cannot get $_SERVER['REMOTE_ADDR'] to reflect the client's real IP...

So my question is, is this even possible? Does everyone who uses Varnish have to do something like this for all PHP applications?:

$_SERVER['REMOTE_ADDR'] = $_SERVER['X_FORWARDED_FOR'];

Or am I simply not configuring it correctly?


Solution 1:

mod_extract_forwarded is most supported, stable and available module for this. Included in all major distributions.

http://www.openinfo.co.uk/apache/

Solution 2:

As mentioned, use mod_extract_forwarded.

If you get the following error when reloading the apache configuration:

Syntax error on line 1 of /etc/httpd/conf.d/mod_extract_forwarded.conf: Cannot load /etc/httpd/modules/mod_extract_forwarded.so into server: /etc/httpd/modules/mod_extract_forwarded.so: undefined symbol: proxy_hook_scheme_handler

Just load the mod_proxy module before mod_extract_forwarded. Works fine on CentOS 6.4.

Related

High # of sockets in TIME-WAIT state, server unresponsive at load
Postfix Sender Verification 550
Using Group Policy to set Domain client language / regionalization
How to set up Incoming Connection over modem for offline Windows 7 system
SQL Clustering or Hyper V Clustering
linux log memory hogging issue
How can I make a user and give read only access?
Launching Installer Via Powershell and WinRM and Nothing Happens
Migrating physical machine to KVM
What causes “SYN to LISTEN sockets dropped”?
Workaround for using ".local" as a Leopard Server's hostname?
using rsync through secure ssh in a cron job