Configure Apache server to log client’s public IP addresses behind a Load Balancer
Log Client IP
OBJECTIVE
Today, We are configuring Apache to log the client’s source IP Address behind a load balancer, to track the authenticity of hits requested on your web server. This data collection will add a lot of advantage to your work. You can track and block IP addresses attempting DOS or DDOS attack to your website, using Web Application Firewall. Get the insights for Geolocation Setup and launch servers in multiple locations based on traffic generated from multiple regions. There is lot more to do, with this tracked data.
CONFIGURING
- Locate the Apache main configuration file. I am using Ubuntu. For Ubuntu file is located at location /etc/apache2/apache2.conf
vim /etc/apache2/apache2.conf
- Discover the keyword LogFormat and find the default text printed below in the apache configuration file.
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
- Edit the configuration file and add a line to the top of LogFormat with %{X-Forwarded-For}.
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined_with_forwarded_for
- A full preview of the edited configuration file.
LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined_with_forwarded_for
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
- Save the apache’s configuration file.
- Now go to your desired vhost configuration file. This can be found in /etc/apache2/sites-available. I am using the default configuration file for this demonstration: /etc/apache2/sites-available/000-default.conf
cd /etc/apache/sites-available
- Modify the configuration file /etc/apache2/sites-available/000-default.conf
vim /etc/apache2/sites-available/000-default.conf
- Find out keyword CustomLog in the configuration file.
- Default CustomLog entry.
CustomLog ${APACHE_LOG_DIR}/access.log combined
- Modified CustomLog entry.
CustomLog /var/log/apache2/access.log combined_with_forwarded_for
- Again, Save the configuration file /etc/apache2/sites-available/000-default.conf
- Restart the Apache Web Server
service apache2 restart
VERIFYING THE LOG’S
- Check the log file to verify if client’s remote public is logging or not.
tail -f /var/log/apache2/access.log 192.30.2.52 (70.60.84.194) - - [31/Aug/2017:15:34:22 +0000] "GET /index.html" 200 72 "https://linuxtogether.org/index.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
CONCLUSION
Finally, we can log the client’s Remote Public IP Address behind the load balancer, following the above listed easy steps. Hope you guys will find this tutorial as “Bed of roses”.
Recent Comments