Apache2 2.4+ not logging remote IP address using mod_remoteip

Since there’s no support for mod_rpaf in Apache2 2.4+ it’s recommended to use mod_remoteip instead if Apache2 is running behind a proxy like HAProxy.

mod_remoteip can be enabled using

a2enmod remoteip

It can be fine tuned in ./conf-available/remoteip.conf. You have to manually create the file if it doesn’t exist.

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1

And don’t forget to

a2enconf remoteip
service apache2 restart

While the remote IP address is injected into PHP just fine, Apache2 continues to log 127.0.0.1 as the remote IP address in access.log.

A modification is required in apache2.conf:

#LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

%h has to be replaced with %a. I’m not sure if this is a bug or not but Apache2 will log the real remote IP address from now on.

If you’re still seeing 127.0.0.1 then maybe your proxy doesn’t forward the remote IP address to Apache2. For HAProxy, use the forwardfor option:

  option        forwardfor

3 thoughts on “Apache2 2.4+ not logging remote IP address using mod_remoteip

  1. I am geting, when I am trying to run “a2enmod remoteip”
    ERROR: Module remoteip does not exist!

    I have created a folder conf-available in /etc/apache2/ and then added remoteip.conf. After this restarted the apache server

    • You need a2enconf remoteip
      If it’s in conf-available it’s a2enconf
      If it’s in mods-available it’s a2enmod
      in sites-available it’s a2ensite

Comments are closed.