Mike, On 10/1/14 5:40 PM, Mike Rumph wrote: > What version of Apache httpd are you running? Thanks for the reply. We are running 2.4 and 2.2 on various servers, but I'm starting with this one: Server version: Apache/2.4.10 (Amazon) Server built: Jul 30 2014 23:57:28 This is the httpd package that Amazon bundles with its Amazon Linux. If possible, I'd prefer to continue to use their packages. > There have been some mod_remoteip fixes in recent 2.4.x releases. > > You could also try setting up some LogFormat directives as in bug 55635 > to get more information on this. > - https://issues.apache.org/bugzilla/show_bug.cgi?id=55635#c1 I'll modify my log format and post what I get under various circumstances. FWIW, I currently have no "Allow" or "Deny" directives in effect. I was planing eventually to say "Allow from 10/8" or something equivalent to only allow connections to this virtual host from the load-balancer. If that's not going to work, it's easily done at the OS or firewall level. Thanks, -chris > On 10/1/2014 11:00 AM, Christopher Schultz wrote: >> All, >> >> I'm trying to get httpd working behind an AWS ELB but still using the >> remote client's information whenever possible. >> >> ELB provides the X-Forwarded-For, X-Forwarded-Port, and >> X-Forwarded-Proto HTTP headers. My configuration looks like this: >> >> RemoteIPHeader X-Forwarded-For >> #RemoteIPTrustedProxy 10.0.0.0/8 >> >> (I commented-out the RemoteIPTrustedProxy line to see if that was the >> problem, and it does not appear to have changed the behavior). >> >> My true client IP address is 71.178.xxx.yyy and I'm making a request >> through the load balancer. I'm using PHP's "phpinfo()" to dump >> everything about the request. I can see that the X-Forwarded-For header >> has been /removed/ from the request (which mod_remoteip says will >> happen), but I'm still getting the ELB's IP address in my access logs: >> >> 10.32.xxx.yyy - - [01/Oct/2014:17:59:27 +0000] "GET /info.php HTTP/1.1" >> 200 72810 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) >> Gecko/20100101 Firefox/32.0" >> >> I have definitely restarted httpd and mod_remoteip is definitely enabled >> (no errors on start, X-Forwarded-For header is being removed from the >> headers). >> >> Am I missing something in my configuration? >> >> Thanks, >> -chris >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >
Attachment:
signature.asc
Description: OpenPGP digital signature
|