When you do a reverse proxy in which Nginx will be the one who listen the traffic and forward anything needs to be process through PHP to Apache. With this, Apache will always receive an IP from Nginx server (or I should say localhost / 127.0.0.1 / local IP), not the real IP that user uses. In order to let Apache knows what is real user IP, we need to install mod_rpaf.
Just copy and paste code below into SSH :
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz tar xvfz mod_rpaf-0.6.tar.gz cd mod_rpaf-0.6 sed -ie 's/apxs2/apxs/' Makefile make rpaf-2.0 make install-2.0
After compiled, do some configuration as below :
LoadModule rpaf_module /usr/lib/apache/mod_rpaf-2.0.so <IfModule mod_rpaf.c> RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 RPAFheader X-Forwarded-For </IfModule>
RPAFproxy_ips can be multiple IP address and it's IP from your reverse proxy.
RPAFproxy_ips 127.0.0.1 xxx.xxx.xxx.xxx
Update (2011.02.15) :
If, for some reason, you tried it and it didn't work. Try to recompile and restart Apache again. After I setup above configuration, it worked fine for a day until I found that it no longer worked. I didn't say it will stop working by itself. I believe it went bad because I did restart Apache service very often after set this up. ( To test Nginx :P )
Test Configuration :
1. CentOS 5.4 / 5.5 - 64 bits
2. DirectAdmin 1.37 - With Custombuild 1.2
3. Apache 2.2.17
4. mod_rpaf 0.6
- Log in to post comments
Full path replacement