Pass the client IP to Apache from Varnish

Varnish is a great server for the static layer of our Drupal installations and we use or recommend it in the vast majority of installations, there are some special cases where we must make adjustments to the Varnish or Apache configuration so that we do not experience problems with some modules such as the voting API when we require blocking by IP, since Apache sends the response directly to Varnish and not to the user's browser, the IP that we will register will be the local IP 127.0.0.1

 

To solve this, we can use the RPAF module for Apache that basically allows us to take the IP registered by the proxy that is in front of our Apache and applies it to the remote address in Apache, you can expand the information at: http://www.stderr.net/apache/rpaf/

To install the module we follow the following steps (These were performed on the Linux CentOS 5 distribution).

 #yum install httpd-devel

# wget http://www.stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz

# tar zxvf mod_rpaf-0.6.tar.gz
# cd mod_rpaf-0.6
# sed -i 's/APXS2=\$(shell which \(apxs2\))/APXS2=\$(shell which apxs)/' Makefile
# make rpaf-2.0 && make install-2.0

After installing the module from the compilation of the binaries, we proceed to enable it and establish the configuration for Apache, in such a way that we create a file called rpaf.conf in the Apache configuration files directory.

# nano /etc/httpd/conf.d/mod_rpaf.conf

This file must contain the following instructions:

LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For

 

Finally we restart Apache.

 

# service httpd restart

 

To check if our changes work, we can run the following script in PHP

 

$clientip = $_SERVER['HTTP_CLIENT_IP'];
$remoteaddr = $_SERVER['REMOTE_ADDR'];
$xforwardedfor = $_SERVER['HTTP_X_FORWARDED_FOR'];

 

echo "

portalseedem , 28.06.2024 | Posted in