If you’re using a reverse proxy and want to see the client’s real IP addresses instead of the proxy’s localhost address in Apache2’s log file (or any Apache-based web application which reports the client’s IP address), you might want to have a look at the RPAF module.
The RPAF (Reverse Proxy Add Forward) module will enable Apache2 to report the client’s real IP address through a reverse proxy (like HAProxy). The module essentially replaces the proxy’s IP address with the X-Forwarded-For HTTP header set by the proxy.
Here’s how to install the module it in Debian/Ubuntu:
apt-get install libapache2-mod-rpaf a2enmod rpaf
At least in Ubuntu 12.04, there’s a nasty gotcha in the RPFA’s config file. Here’s what it looks like:
<IfModule mod_rpaf.c> RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 ::1 </IfModule>
You have to remove the two IfModule lines in order to make it work.
Additionally, the reverse proxy needs to be told to set/replace the X-Forwarded-For HTTP header. In case of HAProxy:
defaults log global mode http option forwardfor ...