All,
I'm trying to get httpd working behind an AWS ELB but still using the
remote client's information whenever possible.
ELB provides the X-Forwarded-For, X-Forwarded-Port, and
X-Forwarded-Proto HTTP headers. My configuration looks like this:
RemoteIPHeader X-Forwarded-For
#RemoteIPTrustedProxy 10.0.0.0/8
(I commented-out the RemoteIPTrustedProxy line to see if that was the
problem, and it does not appear to have changed the behavior).
My true client IP address is 71.178.xxx.yyy and I'm making a request
through the load balancer. I'm using PHP's "phpinfo()" to dump
everything about the request. I can see that the X-Forwarded-For header
has been /removed/ from the request (which mod_remoteip says will
happen), but I'm still getting the ELB's IP address in my access logs:
10.32.xxx.yyy - - [01/Oct/2014:17:59:27 +0000] "GET /info.php HTTP/1.1"
200 72810 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0)
Gecko/20100101 Firefox/32.0"
I have definitely restarted httpd and mod_remoteip is definitely enabled
(no errors on start, X-Forwarded-For header is being removed from the
headers).
Am I missing something in my configuration?
Thanks,
-chris
Attachment:
signature.asc
Description: OpenPGP digital signature
|