Apache log format issue with EasyApache 4 (apache 2.4), Varnish and mod_remoteip

[Mads Nordholm]

I have Varnish (manually installed and configured) running in front of Apache – works like a charm. The only issue I'm having now is that the X-Forwarded-For header set by Varnish (yes, it's working) is not being correctly picked up by Apache, so the IP of my server shows up in all log files.

I have tried following the steps outlined in this thread to modify the log format used for vhosts, but to no avail: mod_remoteip and correct ip in vhost access logs

I would love to hear from anybody who has a similar setup, and who managed to get this very important part right.

EDIT: I should probably clarify that I am running Cloudlinux 7 with cPanel 11.56.0 (build 24)

 

[cPanelMichael]

I have tried following the steps outlined in this thread to modify the log format used for vhosts, but to no avail: mod_remoteip and correct ip in vhost access logs

Hello,

You may want to try the last post in that thread instead, as it's reported as working from that user.

Thank you.

 

[Mads Nordholm]

I tried following the instructions pointed to in the linked thread, but they did NOT work for me. The problem seems to be that the LogFormat directives in /usr/local/apache/conf/httpd.conf are not in any way affected by running:

sed -i.original -e 's/\(logformat.*\)%h\(.*\)/\1%a\2/' /var/cpanel/conf/apache/main
sed -i.original -e 's/\(.*\)%h \(.* combinedvhost.*\)/\1%a \2/' /usr/local/cpanel/Cpanel/AdvConfig/apache.pm
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd

In fact, after running the commands above, the output of grep LogFormat /usr/local/apache/conf/httpd.conf looks like this:

LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%a %l %u %t \"%r\" %>s %b" common
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Despite the sed commands clearly doing what they are supposed to do. In other words, it looks like running /scripts/rebuildhttpdconf does not parse /var/cpanel/conf/apache/main and/or /usr/local/cpanel/Cpanel/AdvConfig/apache.pm.

The only way I can currently get this to work is by replacing %h with %a directly in /usr/local/apache/conf/httpd.conf, but I have no idea if these modifications will persist after a cPanel update or not. Time will tell I guess.

 

[cPanelMichael]

Hello,

Run the Apache distiller after running those "sed" commands, but before running "/scripts/rebuildhttpdconf":

/usr/local/cpanel/bin/apache_conf_distiller --update

Here's the result when I used this method:

# grep LogFormat /usr/local/apache/conf/httpd.conf
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Let us know if this helps.

Thank you.

 

[Mads Nordholm]

It would appear that your approach works, but it does leave me wondering why there isn't a more straight forward way of overriding Apache configuration directives without having to jump through so many hoops to ensure that changes are not overwritten by cPanel update.

 

[Miguel G]

After updating WHM 56 to 58 and migrating to EasyApache 4, this is not working for me anymore (I had EasyApache 3) and this has been working for almost 2 years.

I have Varnish running in front of Apache.

I have enabled mod_remoteip and made sure the module is loaded. I have added the following in /etc/apache2/conf.modules.d/360_mod_remoteip.conf

# Enable mod_remoteip
LoadModule remoteip_module modules/mod_remoteip.so
<IfModule remoteip_module>
  # These settings are specific to your environment, so
  # we'll leave them commented out until you manually set
  # them. I recommend carefully reading the documentation
  # as misconfiguration of this module can result in
  # potential data compromise.
  #
  # mod_remoteip - Apache HTTP Server Version 2.5
  # ---------------------------------------------------------

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy myipaddress
</IfModule>

I have even tried modifying manually the httpd.conf with %a instead of %h and still is not working.

 

[cPanelMichael]

It's possible this relates to the use of the third-party Varnish plugin, however feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[Miguel G]

Finally it worked following the instructions from this thread:

Apache log format issue with EasyApache 4

cp -a /var/cpanel/templates/apache2_4/ea4_main.default /var/cpanel/templates/apache2_4/ea4_main.local
vi /var/cpanel/templates/apache2_4/ea4_main.local

and change %h entries for %a

 

[cPanelMichael]

I'm happy to see the issue is now resolved. Thank you for updating this thread with the outcome.