mod_extforward: Lighttpd Log Clients Real IP Behind Reverse Proxy / Load Balancer

Author: Vivek Gite Last updated: May 3, 2017 0 comments
I‘ve setup 5 lighttpd web servers behind Nginx based reverse proxy / load balancer to distribute load for busy e-commerce website. However, all web server nodes putting my load balncers two IP address in access log file. How do I force lighttpd to log a real IP (public IP) address of all client computers visiting our website?

You need to use mod_extforward under Lighttpd to extract and log the client’s real IP from “X-Forwarded-For” or “X-Real-IP” header which is added by reverse proxy server such as Nginx or Squid proxy server.

Configuration

Edit lighttpd.conf file, enter:
# vi /etc/lighttpd/lighttpd.conf

WARNING! mod_extforward is included in lighttpd 1.4.14 and later.

Add mod_extforward at the end of server.modules directive (order is important):

server.modules              = (
                               "mod_redirect",
                               "mod_alias",
                               "mod_rewrite",
                               "mod_expire",
                               "mod_access",
                               "mod_auth",
                               "mod_status",
                               "mod_fastcgi",
                               "mod_secdownload",
                               "mod_accesslog",
                               "mod_compress",
                    ### add mod_extforward ####
                               "mod_extforward" 
)

Add Your Proxy Server / Revers Proxy Load Balancer IPs

Add your nginx based reverse proxy ips (LB’s IPs) such as 10.10.28.5 and 10.10.28.6:

  extforward.forwarder = (
     "10.10.28.5" => "trust",
     "10.10.28.6" => "trust" 
  )

Save and close the file.

How Do I Set Client’s Custom IP Headers?

You can also set headers to search for finding the client’s original IP addresses using the following syntax:

    extforward.headers = ("X-Cluster-Client-Ip")

OR

    extforward.headers = ("X-Real-Ip")

Restart Lighttpd

Finally, restart the lighttpd web server, enter:
# service lighttpd restart
You can view access log using tail command:
# tail -f /var/log/lighttpd/access.log

This entry is 5 of 10 in the CentOS / RHEL nginx Reverse Proxy Tutorial series. Keep reading the rest of the series:
  1. CentOS / Redhat Linux: Install Keepalived To Provide IP Failover For Web Cluster
  2. CentOS / Redhat: Install nginx As Reverse Proxy Load Balancer
  3. Handling nginx Failover With KeepAlived
  4. nginx: Setup SSL Reverse Proxy (Load Balanced SSL Proxy)
  5. mod_extforward: Lighttpsd Log Clients Real IP Behind Reverse Proxy / Load Balancer
  6. HowTo: Merge Apache / Lighttpsd / Nginx Server Log Files
  7. Linux nginx: Chroot (Jail) Setup
  8. HowTo: SPDY SSL Installation and Configuration
  9. Install Nginx Using Yum Command on CentOS/RHEL
  10. Create a Self-Signed SSL Certificate on Nginx

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

Related Tutorials
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @ webmaster@cyberciti.biz

Next FAQ:

Previous FAQ:

FEATURED ARTICLES

Sign up for my newsletter