setup X-Forwarded-For behind domain server - load balancer
If your site is behind a server domain and then a load balancer, it's a bit more complicated to get the client's real IP address. Here are the steps to follow:
- Configure your server domain to pass the
X-Forwarded-Forheader to the load balancer. You can do this in your server configuration by adding the following line:
bash
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- Configure your load balancer to forward the
X-Forwarded-Forheader to your web server or application. You can do this in your load balancer configuration by adding the following line:
bash
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- Configure your web server or application to use the
X-Forwarded-Forheader as the client's real IP address. For example, if you're using Apache, you can add the following lines to your Apache configuration file:
swift
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog "/var/log/httpd/access_log" combined
This configuration tells Apache to use the X-Forwarded-For header as the source of the client IP address in the access log.
If you're using a different web server or application, the configuration may be slightly different. In general, you'll want to look for a way to configure the logging to use the X-Forwarded-For header or another header that contains the client IP address.
By following these steps, you should be able to accurately log the client's real IP address even when your site is behind a server domain and then a load balancer.
