Apache/Ubuntu Stack Behind a Reverse Proxy – How to Log the X-Forwarded-For Header and Disable Logging of Proxy Health Checks

Apache/Ubuntu Stack Behind a Reverse Proxy – How to Log the X-Forwarded-For Header and Disable Logging of Proxy Health Checks

Apache HTTP Server sitting behind a reverse proxy is a very common setup, however, by default, Apache will log the source IP address inside the layer 3 header as opposed to the X-Forwarded-Header. This can be inconvenient when checking server logs, because everything will appear as though it is coming from the same IP address.




Another issue that can make poking through logs a bit more painful, is the logging of the constant health checks initiated from the reverse proxy. The logging of these health checks by Apache can lead to the log filling up rapidly with line after line of redundant text.

As you can see, all of this adds complexity to log analysis. If you’re seeking solutions to address these issues, look no further – this guide is designed specifically for you!




Part 1: Log the X-Forwarded-For Header vs L3 IP


Step 1 – Enable the RemoteIP Module

Enable the remoteip module by typing the following:

rmtech@testserver:~$ sudo a2enmod remoteip


Step 2 – RemoteIP Module Configuration

Navigate to /etc/apache2/conf-available and create a configuration file named remoteip.conf.

rmtech@testserver:~$ cd /etc/apache2/conf-available
rmtech@testserver:/etc/apache2/conf-available$ sudo nano remoteip.conf

Nano is being used in this example, however any text editor will work fine.





Add the following contents to the file:

Replace x.x.x.x with the IP address of the reverse proxy. You can also add multiple addresses by adding a space in between them, or define a subnet in CIDR notation.


Examples:


After confirming that everything is correct, save the file and exit the text editor.
Nano Users: Press [ctrl] + [x] (which will prompt you to save) and then [y] followed by [enter].

Next, enable configuration:

rmtech@testserver:/etc/apache2/conf-available$ sudo a2enconf remoteip


Step 3 – Modify the Log Format

Navigate to /etc/apache2, and open apache2.conf.

rmtech@testserver:/etc/apache2/conf-available$ cd /etc/apache2
rmtech@testserver:/etc/apache2$ sudo nano apache2.conf


Scroll down until you see the LogFormat lines:


Look closely, there are 3 places where %h exists:



Save and exit the text editor.

Restart the Apache service:

rmtech@testserver:/etc/apache2$ sudo service apache2 restart





Part 2: Disable Logging of Proxy Health Checks


Step 1 – Enable the SetEnvIF Module

Enable the SetEnvIf module by typing the following:

rmtech@testserver:~$ sudo a2enmod setenvif


Step 2 – Add the SetEnvIf Directive to Apache2.conf

Navigate to /etc/apache2, and open apache2.conf.

rmtech@testserver:~$ cd /etc/apache2
rmtech@testserver:/etc/apache2$ sudo nano apache2.conf


Scroll down until you see LogFormat:


Insert the following line:

Replace x\.x\.x\.x with the IP address you wish omit from the log. In this example, each x is a placeholder for up to 3 digits for each octet of the IP address.


You can add multiple IP addresses by adding multiple statements.


Examples:


Save and exit the text editor.


Step 3 – Add the CustomLog Directive to the Virtualhost Configuration File

Navigate to /etc/apache2/sites-available and open the virtual host file for your website. In this example, rmtech.conf will be used.

rmtech@testserver:/etc/apache2$ cd /etc/apache2/sites-available
rmtech@testserver:/etc/apache2/sites-available$ sudo nano rmtech.conf


Insert the CustomLog directive and conditions into the <VirtualHost> section of the config file.


Example:

Modify the log dir, log file, and log format as needed to suit your personal preferences.



Here is the full breakdown:


Save the file and restart the apache service.

rmtech@testserver:/etc/apache2/sites-available$ sudo service apache2 restart


Congrats! You’re Done!

Go check the logs to confirm that everything is working as intended.




Did you find this page helpful?

PID: 20231209-00001