{"id":759,"date":"2016-07-10T12:02:04","date_gmt":"2016-07-10T12:02:04","guid":{"rendered":"http:\/\/www.tech-g.com\/?p=759"},"modified":"2023-06-16T09:20:52","modified_gmt":"2023-06-16T09:20:52","slug":"exposing-visitor-ip-to-apache-through-varnish","status":"publish","type":"post","link":"https:\/\/www.voodoo.business\/blog\/2016\/07\/10\/exposing-visitor-ip-to-apache-through-varnish\/","title":{"rendered":"Exposing visitor IP to apache through varnish"},"content":{"rendered":"

In a previous post, i posted how you can put varnish on a virtual machine to cache content for your web server, But there was one small thing that we did not deal with, The IP address in the logs and that the website can see is simply that of the varnish server, not the visitor’s IP, and if you write PHP like me, I use the IP in everything, from securing logins to limiting page views to limiting comments. So, here is how we can work around this problem<\/p>\n

First, the mission is as follows, Varnish needs to append something in the request header, that apache needs to consider the Visitor’s IP<\/p>\n

To make apache do that, there is already a module (mod-remoteip) to do this<\/p>\n

1- Tool to check the IP of the visitor<\/h2>\n

Create a PHP script to find out if what we are doing actually worked.<\/p>\n

<?php\nprint \"Your IP is: {$_SERVER['REMOTE_ADDR']} <br \/>\\n\\n\";\n$headers = apache_request_headers();\nforeach($headers as $xheader => $xvalue)\n{\nprint \"$xheader : $xvalue <br \/>\\n\"; }\n?>\n<\/pre>\n
and upload it to the website, when accessing this from the internet, you should see the IP as the IP of the varnish server, not your IP (Like it should)<\/p>\n
1- Playing with cpanel<\/p>\n
First, we must download mod_remoteip from the cpanel website (See here<\/a>)<\/p>\n
Once downloaded, we will upload it to the cpanel server at<\/p>\n
\/var\/cpanel\/easy\/apache\/custom_opt_mods\/<\/pre>\n
Once done, we will now extract it as we would extract any tar.gz file<\/p>\n
cd \/var\/cpanel\/easy\/apache\/custom_opt_mods<\/pre>\n
tar -C \/var\/cpanel\/easy\/apache\/custom_opt_mods -xvf custom_opt_mod-remoteip.tgz<\/pre>\n
Now, this mod should appear in easy apache when rebuilding apache, so go ahead, visit<\/p>\n
Home \u00bbSoftware \u00bbEasyApache 3<\/p>\n
and on the Exhaustive Options List<\/em> you should be able to see mod_remoteip, be sure to check it.<\/p>\n
Now, before coming to configure it, We need to inform Varnish to send us those headers. So add this at the very beginning of the Varnish sub vcl_recv section<\/p>\n
NOTE: It seems that for the latest varnish (VCL 4), you no longer need this, if you add this, you will get the header as ( X-Forwarded-For : xxx.105.60.194, xxx.105.60.194) meaning the same IP twice<\/p>\n
if (req.restarts == 0) {\n  if (req.http.X-Forwarded-For) {\n    set req.http.X-Forwarded-For = req.http.X-Forwarded-For + \", \" + client.ip;\n  } else {\n    set req.http.X-Forwarded-For = client.ip;\n  }\n}\n<\/pre>\n
Now, we need to tell apache, what the extra header’s name is (X-Forwarded-For) and what servers this header should be honored for (the varnish server IPs, currently displaying in the script we wrote right after Your IP is:) So start by editing<\/p>\n
\/usr\/local\/apache\/conf\/includes\/pre_virtualhost_global.conf<\/pre>\n
And add this, the IP here is the varnish server IP<\/p>\n
<IfModule mod_remoteip.c>\n   RemoteIPHeader X-Forwarded-For\n   RemoteIPInternalProxy xxx.172.13.208\n<\/IfModule>\n\n<\/pre>\n
Or, Probably the more suitable<\/p>\n
\/usr\/local\/apache\/conf\/includes\/pre_virtualhost_global.conf<\/pre>\n
And add this, the IP here is the varnish server IP<\/p>\n
<IfModule mod_remoteip.c>\n   RemoteIPHeader X-Forwarded-For\n   RemoteIPTrustedProxy xxx.172.13.0\/24\n   RemoteIPTrustedProxy xxx.172.14.0\/24\n   RemoteIPTrustedProxy xxx.172.19.0\/24\n<\/IfModule>\n\n<\/pre>\n
Now, visit Home >> Restart Services<\/em> on your cpanel server, and restart apache<\/p>\n
There you have it, refresh that PHP script, and your IP address should appear.<\/p>\n
Now, the apache logs will still log the Varnish server IP, to fix that, you need to modify the log section in your apache config, changing %h with %a, like so<\/p>\n
#LogFormat \"%h %l %u %t \\\"%r\\\" %>s %O \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined\nLogFormat \"%a %l %u %t \\\"%r\\\" %>s %O \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
In a previous post, i posted how you can put varnish on a virtual machine to cache content for your web server, But there was one small thing that we did not deal with, The IP address in the logs and that the website can see is simply that of the varnish server, not the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[170,171],"tags":[],"class_list":["post-759","post","type-post","status-publish","format-standard","hentry","category-nginx","category-varnish"],"_links":{"self":[{"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/posts\/759","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/comments?post=759"}],"version-history":[{"count":3,"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/posts\/759\/revisions"}],"predecessor-version":[{"id":763,"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/posts\/759\/revisions\/763"}],"wp:attachment":[{"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/media?parent=759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/categories?post=759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.voodoo.business\/blog\/wp-json\/wp\/v2\/tags?post=759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}