Apache 2.4 - mod_geoip, mod_remoteip

[JamesOakley]

I'm trying to install Apache 2.4 on a test server using Easy Apache. I've got it to install, but in order to do so, I had to:

1. Not include mod_geoip. I had been using the cPanel custom module for this. It seems this isn't compatible with Apache 2.4. I think MaxMind have a more recent version (1.2.8, as opposed to 1.2.5), but I couldn't get the custom module to integrate it.

2. Not use mod_rpaf. I was building that from source in after_apache_make_install, then enabling it in the pre-include file. To be fair, it's probably correct that I don't use this, because Apache 2.4 comes with mod_remoteip built in to replace mod_rpaf. However the Easy Apache screens don't offer me mod_remoteip, so I'm not able to try that option.

Has anybody else got further than I have with this?

 

[cPLaurenceS]

Hi James!

There's a newer version of mod_geoip on the new Custom Modules page:
EasyApache: Custom Modules (


-ls

Laurence Simon
Technical Writer
cPanel, Inc.

 

[JamesOakley]

Thanks Laurence - that installed successfully this time. That's geoip working.

Any ideas how to handle reverse proxy IPs? (I've got Varnish in front of Apache, and without mod_rpaf or presumably mod_remoteip I just get the local IP for everything).

 

[JamesOakley]

OK - I've got mod_rpaf working. It'd be nice to work with mod_remoteip instead, so perhaps that's something we'll see in a later release of EasyApache - that is the Apache-recommended way.

I read somewhere online that what's needed is to change references to properties beginning remote_ so that they begin client_ instead. Running the official release of mod_rpaf through apxs, the errors I got all related to properties remote_ip or remote_addr not being found.

# sed -i 's/remote_addr/client_addr/' mod_rpaf-2.0.c
# sed -i 's/remote_ip/client_ip/' mod_rpaf-2.0.c

Then apxs ran, and the module appears to be working correctly as far as I can test.

 

[JamesOakley]

Sadly, it wasn't quite as simple. The server variable GEOIP_ADDR was modified by mod_rpaf, but REMOTE_ADDR was not.

 

[cPLaurenceS]

Hi James!

On the one hand, we do offer the optmod/Custom Modules documentation and a few example modules for download as a courtesy:

EasyApache: Custom Modules (

The document does state that we do not support custom modules:

“Warning: cPanel does not provide support for custom modules.”

We’re looking around to see if there’s a reliable mod_remoteip optmod to add to that page’s examples.

I would suggest that you file a Feature request (cPanel Feature Requests) for EasyApache to include mod_geoip, mod_remoteip and mod_rpaf as options. If they’re voted up/requested a lot, they can get included in future releases of EasyApache.

Thanks,
-ls

Laurence Simon
Technical Writer (EasyApache Team)
cPanel, Inc.

 

[cPLaurenceS]

James-

Check the Custom Modules page:
EasyApache: Custom Modules (

I've added a mod_remoteip custom mod.

Have you sent in a feature requisition for us to get mod_geoip, mod_remoteip and mod_rpaf included as options (custom or core)?

Once we've got that, we can get that triaged.

Thanks,
-ls

Laurence Simon
Technical Writer (EasyApache Team)
cPanel, Inc.

 

[JamesOakley]

Hi Laurence

I'll check that custom mod out. Thank you.

I submitted a feature request after you posted here on Friday. A green banner flashed across the top of the screen that may request was awaiting moderation. It's still not showing.

I'll try again.

... edit, 5 minutes later: Done. "Response is sent for moderation".

I've left it just as mod_remoteip, because mod_geoip already has a custom module that works fine.

I'll report back when I've had a chance to test the custom module you've posted for mod_remoteip.

 

[JamesOakley]

Check the Custom Modules page:
EasyApache: Custom Modules (

I've added a mod_remoteip custom mod.

Sorry, but for some reason I can't see mod_remoteip on that page anywhere. Could you let me have the download link please?

Have you sent in a feature requisition for us to get mod_geoip, mod_remoteip and mod_rpaf included as options (custom or core)?

The feature request is here.

 

[JamesOakley]

Laurence -that custom module works a charm. Thank you. I just had to add a LoadModule statement in pre_main_global.conf, and add entries to configure the headers / legitimate proxy IPs. I'd expect to have to do those steps by hand, so that's all working.

The only thing I wondered was whether it should go in the Short Options list, as opposed to being in the Exhaustive Options list.

One more thing: The default LogFormat declaration in httpd.conf is

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

I had to change it to

LogFormat "[B]%a[/B] %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

(and then run it through the distiller) in order for Apache's logs also to show the original source IP. (Reference mod_log_config documentation)

 

[cPanelJamyn]

Laurence -that custom module works a charm. Thank you. I just had to add a LoadModule statement in pre_main_global.conf, and add entries to configure the headers / legitimate proxy IPs. I'd expect to have to do those steps by hand, so that's all working.

Hi,

The LoadModule directive should have been automatically added - see /usr/local/apache/conf/mod_remoteip.conf. However, the module is not pre-configured - you'd need to modify mod_remoteip.conf to specify your upstream IPs, etc.

perldoc ModRemoteIp.pm

The only thing I wondered was whether it should go in the Short Options list, as opposed to being in the Exhaustive Options list.

I suppose that's up for debate, but it's under Exhaustive Options since it's part of core Apache. It sounds like you'd prefer it to be in the short list, but (imho) then the short list will eventually become "exhaustive" as well

One more thing: The default LogFormat declaration in httpd.conf is

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

I had to change it to

LogFormat "[B]%a[/B] %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Right - for the same reasons as above, the module can't pre-configure the upstream IP so it doesn't modify the LogFormat option either.

 

[JamesOakley]

The LoadModule directive should have been automatically added - see /usr/local/apache/conf/mod_remoteip.conf. However, the module is not pre-configured - you'd need to modify mod_remoteip.conf to specify your upstream IPs, etc.

Yes - I thought initially this wasn't the case. I can now confirm that it is pre-configured.

 

[cPLaurenceS]

HUZZAH!

-ls