Problem when using X-Forwarded-For
Hi,
I'm trying to implement mod_evasive in a load balanced environment where we use X-Forwarded-For to store the actual remote IP. I'm running into a problem where it ends up blocking the proxy IP rather than the actual remote IP.
I found this thread which seems relevant:
https://github.com/jvdmr/mod_evasive/pull/14
The gist is that you need to set both of these:
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy [ip range of load balancers]
My setup is this: mod_remoteip is installed and loaded, as is mod_evasive.
Inside the virtual host, the following is set:
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 172.24.0.0/16
LoadModule evasive_module modules/mod_evasive24.so
DOSEnabled true
DOSHashTableSize 3097
DOSPageCount 1
DOSSiteCount 2
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify [email protected]
However, I'm still receiving an email indicating that the load balancer IP is being blocked:
To: [email protected]
Subject: HTTP BLACKLIST 172.24.15.211
mod_evasive HTTP Blacklisted 172.24.15.211
I'm looking for some guidance on what the problem might be. Thank you!
I should also add that I know X-Forwarded-For is being set correctly because we output it to logs and it appears as expected.
Interestingly, when tailing the output, it appears to actually block the correct IPs, but the email is incorrect. And, even more strangely, the email and the logic that blocks the IP both seem to use r->useragent_ip. I'm a bit stumped, but as long as it's actually working properly I don't really care about what the email says.
We are using RemoteIPHeader as well. RemoteIPHeader and mod_evasive should work together. Often the very first Apache server is a reverse proxy that is running mod_remoteip to transport the IP to the different application servers. Thus mod_evasive should run on the central remote proxy. If this is an Apache it should work with mod_remoteip...
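A simplified model of the right-to-left header processing that the mod_remoteip documentation describes for the RemoteIPHeader / RemoteIPTrustedProxy pair discussed in this thread, added here as an illustration; it is not code from the thread, from mod_remoteip or from mod_evasive. The function name, the sample requests and the client addresses are constructed, and only RemoteIPTrustedProxy (not RemoteIPInternalProxy) is modelled.

```python
import ipaddress

# Intranet blocks the mod_remoteip docs list as not accepted from a
# RemoteIPTrustedProxy (they are only accepted from a RemoteIPInternalProxy).
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def in_any(addr, networks):
    return any(addr in net for net in networks)


def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return (client_ip, leftover_header) for one request.

    peer_ip         -- address of the TCP connection (the load balancer)
    xff_header      -- raw X-Forwarded-For value, or None
    trusted_proxies -- CIDR strings, as given to RemoteIPTrustedProxy
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]
    current = ipaddress.ip_address(peer_ip)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]

    # Walk right to left: the right-most entry was appended by the peer.
    while hops and in_any(current, trusted):
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: stop and keep what we have
        if in_any(candidate, PRIVATE_BLOCKS):
            break  # a trusted (non-internal) proxy may not vouch for these
        hops.pop()
        current = candidate
    return str(current), ", ".join(hops)


# Constructed requests: 172.24.15.211 is the balancer address from the thread,
# the 203.0.113.x / 198.51.100.x clients are documentation addresses.
TRUSTED = ["172.24.0.0/16"]
SAMPLES = [
    ("172.24.15.211", "203.0.113.7"),                # normal request
    ("172.24.15.211", "198.51.100.9, 203.0.113.7"),  # client sent its own XFF
    ("203.0.113.50", "198.51.100.9"),                # peer is not the balancer
    ("172.24.15.211", None),                         # header missing
]

if __name__ == "__main__":
    for peer, header in SAMPLES:
        print(peer, repr(header), "->", resolve_client_ip(peer, header, TRUSTED))
```

The last sample is the case to watch for rate limiting: when no usable header arrives, the resolved address stays the balancer's, so every client behind it shares one counter.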