Client source IP through reverse proxy

After securing an apache web site with an apache reverse proxy, depending on your config sometimes you do not get the client source IP address.

Nginx reverse proxy
In Nginx reverse proxy, create following file:

vi /etc/nginx/conf.d/proxy.conf
proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size   16k;
proxy_buffers       32   16k;
proxy_busy_buffers_size 64k;

In the Apache web server add the following module

apt-get install libapache2-mod-rpaf

In the Nginx web server add the following

set_real_ip_from; (IP of the reverse proxy)
real_ip_header X-Forwarded-For;
real_ip_recursive on;

Apache reverse proxy
In order to transmit visitors IP, put the following lines in your reverse proxy configuration:

ProxyVia on
ProxyPreserveHost on

Apache web server
Specify logs:

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" proxy
SetEnvIf X-Forwarded-For "^.*..*..*..*" forwarded
CustomLog "/var/log/apache2/" combined env=!forwarded
CustomLog "/var/log/apache2/" proxy env=forwarded

If you are using WordPress, you still do not get the source client IP, you have to add the following lines in file wp-config.php

if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match( '/^d{1,3}.d{1,3}.d{1,3}.d{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'] ) )

One thought on “Client source IP through reverse proxy

  1. Pingback: Get client IP in Nginx-Varnish-Apache Stack – Random Stuff from Pothi

Leave a Reply