Nginx and Apache – log real client IP
Posted by danielJun 18
Nginx / Apache – log real client IP or x-forwarded-for address.
Web servers such as Nginx or Apache when configured as reverse proxy behind a load balancer, they log the IP address of the load balancer in the access logs as the source IP. For practical use cases, you will usually want to log the actual client IP addresses.
In this setup, Nginx is setup to mimic a load balancer (reverse proxy) with multiple Apache web servers as backend.
1. Nginx snippet configuration to set x_forwarded_for proxy header –
server {
listen 80;
listen 443 default ssl;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
.....
}
2. Apache snippet Configuration to capture x_forwarded_for header in the access logs –
<VirtualHost *:443>
ServerAdmin webmaster@home.net
DocumentRoot /var/www/homenet
ServerName todo.home.net
...
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/todo.home.net-ssl_access_log" combined env=!forwarded
CustomLog "logs/todo.home.net-ssl_access_log" proxy env=forwarded
</Virtual>
Before making the above custom changes , the logs showed the load balancer IP 192.168.10.162 only –
192.168.10.162 - - [19/Mar/2015:16:21:10 -0700] "GET /signup.php HTTP/1.0" 200 1237 192.168.10.162 - - [19/Mar/2015:16:21:11 -0700] "GET /login.php HTTP/1.0" 200 1715
After the change the client IP (192.168.10.105) was logged –
192.168.10.105 - - [19/Mar/2015:16:26:43 -0700] "GET / HTTP/1.0" 200 1311 "https://todo.home.net/login.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:35.0) Gecko/20100101 Firefox/35.0" 192.168.10.105 - - [19/Mar/2015:16:26:44 -0700] "GET /signup.php HTTP/1.0" 200 1237 "https://todo.home.net/" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:35.0) Gecko/20100101 Firefox/35.0"
References –
https://www.nginx.com/resources/wiki/start/topics/examples/likeapache/
22 comments
You must be logged in to post a comment.