Jan 16, 2014

Log client's IP address in apache log when using HAProxy and ISPConfig

If we use HAProxy and ISPConfig to publish websites, by default, Apache log will log only the IP of the HAproxy server. To log client's IP in Apache log, we have to:

1. Config HAProxy
option forwardfor to backend option in HAProxy config file, then reload haproxy
service haproxy reload
2. Change the LogFormat for ISPConfig site
Edit ispconfig config file nano /etc/httpd/conf/sites-available/ispconfig.conf Replace LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig with LogFormat "%v %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
3. Change the LogFormat for httpd
Edit httpd.conf file nano /etc/httpd/conf/httpd.conf Replace LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined with LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined Save the file and restart apache server service httpd restart
Check the log again. Not as other guides, I still keep the %h because we sometimes need to test the webserver directly. Also, we want to log if there is any other IP accessing our webserver besides the HAProxy.