Setup as follows:
- proxy server (RHEL8 apache 2.4) in DMZ
- contains multiple vhosts
- each vhost acts as a reverse proxy to a web server in the LAN
- connections from the proxy to the backend web server are secured via SSL
- backend server (RHEL8 apache 2.4) in LAN
Problem to solve:
Currently the apache access log of the backend server shows the IP of the proxy instead of the originating client IP. I want to ensure the client IP (who is connecting to the proxy) to be logged in the access log of the backend apache server.
Numerous howto's on the web (e.g.?https://www.globo.tech/learning-center/x-forwarded-for-ip-apache-web-server/) propose to use?RemoteIPHeader X-Forwarded-For.
However it seems that this only works when the proxy connection to the backend uses HTTP. (https://www.linode.com/community/questions/6351/ideas-to-get-x-forwarded-for-working-for-httpsnode-balancer and the "Effectiveness" comment on https://httpd.apache.org/docs/2.4/en/mod/mod_proxy.html#proxyaddheaders.)
The proxy server has both the public and private keys of the SSL certifcate.
How can I configure the proxy server to add the?X-Forwarded-for?header while keeping the SSL connection to the backend?
Thanks in advance
Bram
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
- proxy server (RHEL8 apache 2.4) in DMZ
- contains multiple vhosts
- each vhost acts as a reverse proxy to a web server in the LAN
- connections from the proxy to the backend web server are secured via SSL
- backend server (RHEL8 apache 2.4) in LAN
Problem to solve:
Currently the apache access log of the backend server shows the IP of the proxy instead of the originating client IP. I want to ensure the client IP (who is connecting to the proxy) to be logged in the access log of the backend apache server.
Numerous howto's on the web (e.g.?https://www.globo.tech/learning-center/x-forwarded-for-ip-apache-web-server/) propose to use?RemoteIPHeader X-Forwarded-For.
However it seems that this only works when the proxy connection to the backend uses HTTP. (https://www.linode.com/community/questions/6351/ideas-to-get-x-forwarded-for-working-for-httpsnode-balancer and the "Effectiveness" comment on https://httpd.apache.org/docs/2.4/en/mod/mod_proxy.html#proxyaddheaders.)
The proxy server has both the public and private keys of the SSL certifcate.
How can I configure the proxy server to add the?X-Forwarded-for?header while keeping the SSL connection to the backend?
Thanks in advance
Bram
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org