Apache mod_remoteip and access logs
Since Apache 2.4 I've started using mod_remoteip instead of mod_extract_forwarded for rewriting client address from x-forwarded-for provided by frontend servers (varnish, squid, apache etc).
So far everything works fine with the modules, i.e. php, cgi, wsgi etc... - client addresses are shown as they should be, but I couldn't write client address in access logs (%a, %h, %{c}a). No luck - I'm always getting 127.0.0.1 (localhost forward ex.).
How to log client's ip address when using mod_remoteip?
Update: IT WORKS O_O - see answer below
varnish configuration:
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
apache 2.4 configuration sections:
mod_remoteip:
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1/8
logging (%a does the job):
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+
if there is a nginx in front (ex. SSL termination):
server {
listen 123.123.123.123:443;
server_name server.com;
root html;
ssl on;
ssl_certificate /etc/pki/httpd/site/chain.crt;
ssl_certificate_key /etc/pki/httpd/site/private.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:6081;
proxy_set_header Host $http_host;
proxy_pass_header Server;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
According to mod_remoteip's documentation, the module should simply replace the client IP address, but only when RemoteIPHeader x-forwarded-for
is set (doc).
Also make sure, your vhost's logging makes use of the CustomLog you have defined.