Wednesday, July 11, 2012

install mod_rpaf with apache-2.4


Apache-2.4 has own module mod_remoteip

"This module is used to treat the useragent which initiated the request as the originating useragent as identified by httpd for the purposes of authorization and logging, even where that useragent is behind a load balancer, front end server, or proxy server."

you may use it with nginx such:


....
    RemoteIPHeader X-Forwarded-For
....

but I found 2 issues for me:

1. I must change LogFormat ( replace %h with %a) to show original IP in logs
2.  /server-status/ page show nginx ip address instead original

So, i deside to use mod_rpaf. Defaut veriosn does not compile with aapche-2.4.
To solve the issue:


 replace  “remote_” with “client_” in “mod_rpaf-2.0.c” 


make it:

apxs -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

or install

apxs -i  -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

and use it with apache



    RPAFenable On
    RPAFproxy_ips 127.0.0.1 
    RPAFsethostname On
    RPAFheader X-Forwarded-For


4 comments:

Anonymous said...

Did what you said but it doesn't work:

sed -i 's/remote_/client_/g' mod_rpaf-2.0.c

apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
/usr/local/apache/build/libtool --silent --mode=compile gcc -std=gnu99 -prefer-pic -m64 -fPIC -DPIC -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -c -o mod_rpaf-2.0.lo mod_rpaf-2.0.c && touch mod_rpaf-2.0.slo
mod_rpaf-2.0.c: In function 'rpaf_cleanup':
mod_rpaf-2.0.c:150: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c:151: error: 'conn_rec' has no member named 'remote_addr'
mod_rpaf-2.0.c:151: warning: implicit declaration of function 'inet_addr'
mod_rpaf-2.0.c:151: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c: In function 'change_remote_ip':
mod_rpaf-2.0.c:164: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c:183: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c:186: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c:187: error: 'conn_rec' has no member named 'remote_addr'
mod_rpaf-2.0.c:187: error: 'conn_rec' has no member named 'remote_ip'
apxs:Error: Command failed with rc=65536

Pothi Kalimuthu said...

It worked. I did the following, though...

cp mod_rpaf-2.0.c mod_rpaf-2.4.c
sed -i 's/remote_/client_/g' mod_rpaf-2.4.c
apxs -c -n mod_rpaf-2.4.so mod_rpaf-2.4.c
apxs -i -c -n mod_rpaf-2.4.so mod_rpaf-2.4.c

Then loaded it with...

LoadModule rpaf_module /path/to/mod_rpaf-2.4.so

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
# RPAFheader X-Real-IP
RPAFheader X-Forwarded-For

Thanks for the solution!

Anonymous said...

What mod_rpaf version did you use because the latest i could find is 0.6 and it doesn't seem to contain mod_rpaf-2.4.c

Regards.

Anonymous said...

rpaf work fine, but with apache 2.4.6 - 2.4.7

if you try enable mod_rpaf on apache 2.4.10 apache status still ok, but if you see on phpinfo(), you have wrong IP in

_SERVER["REMOTE_ADDR"]

:(