Apache: get the originating host ip

Apply to: apache and apache2

Aim: get the originating IP of the client host, by default logs contain the IP of the proxy if the client use a proxy. This is a problem:

• with statistics (like with awstats) because some proxy use multiple IPs (aol for ex.) in the same visit.
• multiples visits could be seen as a unique one

Warnings:

• There is a solution which replaces the client IP used everywhere in apache with the X-Forwarded-For value if it exists. But this solution is to use just with trusted proxy, else it would be a security hole.
• X-Forwarded-For is a header field and then can be forged, don't use it for legal or security reason.

Solution:

1. Define two logformat, one with the host IP (%h), one with the value of X-Forwarded-For:

   LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
   LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined_forwarded
   

2. define an environment variable if a proxy is used:

   # Log the originating ip if use a proxy
   SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
   

3. Use different log depending on "from_proxy"

   CustomLog /var/log/apache2/maretmanu.org-access.log combined env=!from_proxy
   CustomLog /var/log/apache2/maretmanu.org-access.log combined_forwarded env=from_proxy
   

4. reload your apache