If you have a setup which includes one of the rackspace cloud load balancers you will notice that in apache or php the ip of the client is the load balancers, the easiest way to fix this is install an apache module called mod_rpaf.
Here’s how under Ubuntu & Apache 2.2:
Install the apache dev tools (may not be required)
Check which version of apache your running
apache2 -l
The output here tells me i’m using the perfork module.
Compiled in modules: core.c mod_log_config.c mod_logio.c prefork.c http_core.c mod_so.c
Install the prefork development tools
apt-get install apache2-prefork-dev
The alternative here is to install apache2-threaded-dev if you see threaded instead of prefork.c
Install the mod_rpaf
Download the mod_rpaf module and extract the latest version to check the latest see http://stderr.net/apache/rpaf/download/
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz tar -xzf mod_rpaf-0.6.tar.gz
Install and compile the apache module
cd apache-2.2-mod_remoteip.c apxs2 -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
The script will compile and install the module giving you the output of the path to the module e.g
/usr/lib/apache2/modules/mod_rpaf-2.0.so
Configure
Make a new config file for rpaf and edit
touch /etc/apache2/conf.d/rpaf.conf nano /etc/apache2/conf.d/rpaf.conf
Enter the following details in rpaf.conf, change 10.000.000.0 to your load balancer IP comma seperate for more than one
# Your module path LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf-2.0.so RPAFenable On RPAFsethostname On # Your loadbalancer IP seperate with a space for more than one RPAFproxy_ips 10.000.000.0 RPAFheader X-CLUSTER-CLIENT-IP
Check the apache configuration
service apache2 reload
If you see any errors here check your configuration.
Restart apache and apply the changes
service apache2 restart
You should then see the correct user ip showing up in $_SERVER[‘REMOTE_ADDR’] for php
Update:
To get the correct IP from the Load Balancer to .htaccess
If your looking to restrict access from .htaccess this still doesn’t give apache the correct IP to do that you simply use a pre configured environment variable:
order deny,allow deny from all allow from env=allowclient SetEnvIf X-Cluster-Client-Ip 000.000.000.000 allowclient