1and1 Help Centre Categories

print article

Determine a Client's IP when Using a Load Balanced Server (Apache and Linux)

For 1&1 Cloud Servers with Linux operating systems and Apache HTTT servers

If Apache is behind a load balancer, the actual IP of the user is overwritten by the IP of the load balancer. The log file of Apache then contains only the address of the load balancer. Learn how to log the originating IP address of a user under certain conditions.

The X-Forward-For header is in the http protocol as a result. This header is use to transmit the IP address of the user when it tries to connect through a proxy or load balancer to the web server. Since Apache does not take this header into account by default, the configuration of the Apache HTTP server has to be adapted.

Please note:
Due to technical reasons, passing on the IP address through a load balancer, respectively the described solution, can only be done through encrypted access. No header entry can be made via HTTPS since all communication between client and web server is encrypted (it is impossible to install your own SSL certificate on the load balancer).

Learn how to change the protocol settings of Apache considering the X-Forwarded-For header using the instructions below:

Step 1
Add %{X-Forwarded-For}i to the LogFormat directive in the Apache configuration file apache2.conf (CentOS: httpd.conf).

Below is an example of a LogFormat directive (named "proxy");

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" proxy
Step 2
Add a CustomLog entry to the corresponding Virtual Hosts in the configuration files for your desired domains.

In the following example, Apache is instructed to log the calls with the log format "proxy" in the file access.log using domain-tld:

<VirtualHost domain.tld:80>
#CustomLog logs/access.log combined
CustomLog logs/access.log proxy
Step 3
Restart (or reload) Apache, so all changes will be adapted.