
mod_remoteip and correct ip in vhost access logs

Discussion in 'EasyApache' started by internetfab, Apr 20, 2015.

  1. internetfab

    internetfab Well-Known Member
    PartnerNOC

    Joined:
    Feb 20, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Gothenburg, Sweden
    cPanel Access Level:
    DataCenter Provider
    Good morning from Sweden :)

    We've decided to use mod_remoteip instead of mod_rpaf to translate the XFF header (Apache 2.4).
    However, mod_remoteip uses the %a log format instead of %h to get the client IP. If there is no XFF header (or if it's not trusted) then %a equals %h.

    So, this is fixable in httpd.conf by changing these %h into %a.

    Code:
    <IfModule mod_log_config.c>
        LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
        LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent
    
        CustomLog "|/usr/local/cpanel/bin/splitlogs --main=box01.oderland.com --suffix=-bytes_log" bytesvhost
        CustomLog "|/usr/local/cpanel/bin/splitlogs --main=box01.oderland.com --mainout=/usr/local/apache/logs/access_log" combinedvhost
    
    </IfModule>
    so they'll be like this:

    Code:
    <IfModule mod_log_config.c>
        LogFormat "%v:%p %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
        LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost
        LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%a %l %u %t \"%r\" %>s %b" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent
    
        CustomLog "|/usr/local/cpanel/bin/splitlogs --main=box01.oderland.com --suffix=-bytes_log" bytesvhost
        CustomLog "|/usr/local/cpanel/bin/splitlogs --main=box01.oderland.com --mainout=/usr/local/apache/logs/access_log" combinedvhost
    
    </IfModule>
    However, after distilling and rebuilding httpdconf, one of the entries above reverts to %h:

    Code:
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
    That's of course the logformat that controls virtual host logs.

    I've had this issue up with cPanel twice already during the last year. They couldn't solve it and asked me to file a feature request.

    I've since added the whole part of the config in /usr/local/apache/conf/includes/pre_virtualhost_global.conf to overwrite the incorrect one, but it feels like a hack (since cPanel could change the template in the future or decide to move the splitlogs binary).

    Has anyone else solved it in a better way? Care to share how?
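How the address behind %a is chosen, as an added example that is not part of the original post: a simplified shell model of mod_remoteip's right-to-left walk over the header, showing when %a ends up equal to %h. The function names and sample addresses are constructed, and trusted proxies are matched as exact IPs only (the real RemoteIPInternalProxy directive also accepts ranges).

```sh
#!/bin/sh
# Simplified model of how mod_remoteip chooses the address that %a logs.
# Assumption: trusted proxies are matched as exact IP strings (no CIDR ranges).

# is_trusted IP "ip1 ip2 ..." : succeeds if IP is in the space-separated list.
is_trusted() {
    for t in $2; do
        [ "$t" = "$1" ] && return 0
    done
    return 1
}

# resolve_client_ip PEER HEADER TRUSTED
#   PEER    address of the TCP connection (what %h logs)
#   HEADER  value of the RemoteIPHeader, e.g. "203.0.113.9, 198.51.100.23"
#   TRUSTED space-separated proxy addresses (the RemoteIPInternalProxy entries)
# Prints the address %a would log.
resolve_client_ip() {
    current=$1
    header=$(printf '%s' "$2" | tr -d ' ')
    trusted=$3
    # Walk the header right to left, but only while the hop that handed us
    # the header is itself a trusted proxy.
    while [ -n "$header" ] && is_trusted "$current" "$trusted"; do
        current=${header##*,}                 # rightmost entry
        case $header in
            *,*) header=${header%,*} ;;       # drop it, keep the rest
            *)   header= ;;                   # that was the only entry
        esac
    done
    printf '%s\n' "$current"
}

# Constructed demo: a reverse proxy on 127.0.0.1 in front of Apache.
resolve_client_ip 127.0.0.1 "198.51.100.23" "127.0.0.1"     # proxied request
resolve_client_ip 198.51.100.23 "10.0.0.1" "127.0.0.1"      # direct peer, header ignored
resolve_client_ip 192.0.2.10 "198.51.100.23" "127.0.0.1"    # proxy not listed: %a stays the proxy
```

The third call reproduces the symptom of logs that keep showing the proxy's own address: the header is only honoured when the connecting peer is in the trusted list.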
     
  2. cPDavidN

    cPDavidN cPanel Developer
    Staff Member

    Joined:
    Mar 19, 2013
    Messages:
    42
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    Hi there,

    Can you check the directive in /var/cpanel/conf/apache/main ? By default, it looks like this:

    Code:
        ifmodulelogiomodule:
          logformat:
            directive: logformat
            items:
              -
                logformat: "\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" %I %O\" combinedio"
        logformat:
          directive: logformat
          items:
            -
              logformat: "\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined"
            -
              logformat: "\"%h %l %u %t \\\"%r\\\" %>s %b\" common"
    
    You should be able to just change %h to %a, then run /scripts/rebuildhttpdconf and have it do what you want. Please let me know if that doesn't work. Please be careful editing this file; it's YAML, which is very sensitive to whitespace changes.

    Edit: I fail at formatting. Make sure you preserve the indentation in this file, or you may get a broken Apache configuration.
     
  3. internetfab

    Hi David!
    Thanks for getting back to me. I've been down this road before ;)
    The
    Code:
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
    is missing from the yaml conf.

    I just realized I sent you guys a feature request January 2015.

    Here's what I wrote in the ticket about it:

     
  4. internetfab

    Ticket id: 6031689
     
  5. internetfab

    Any updates on this @cPDavidN? Is it a "feature" or a bug? ;)
     
  6. cPDavidN

    Hi Internetfab,

    I apologize for missing your reply. The way that Apache templates and those .yaml files interact is complex and strange and, since they're generated on the server itself, comparisons between machines aren't helpful. (I've been dealing with different aspects of this subsystem for the last couple of days, so I've gotten some new insights into why my last reply was not so helpful.)

    Would it be possible for you to re-open your ticket and provide access to an affected server? I'd like to examine your configuration and see if I can come up with something that will work for you long-term, which will survive cPanel updates, distiller runs, and Apache configuration rebuilds.
     
  7. santrix

    santrix Well-Known Member

    Joined:
    Nov 30, 2008
    Messages:
    223
    Likes Received:
    2
    Trophy Points:
    18
    We also see this problem on 11.48.4 (build4). From /var/cpanel/conf/apache/main

    Code:
              logformat: "\"%v:%p %a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combinedvhost"
            -
              logformat: "\"%v %{%s}t %I .\\n%v %{%s}t %O .\" bytesvhost"
            -
              logformat: "\"%a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined"
            -
              logformat: "\"%a %l %u %t \\\"%r\\\" %>s %b\" common"
            -
              logformat: "\"%{Referer}i -> %U\" referer"
            -
              logformat: "\"%{User-agent}i\" agent"
      
    After /scripts/rebuildhttpdconf we see in the httpd.conf

    Code:
    <IfModule mod_log_config.c>
        LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
        LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost
        LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%a %l %u %t \"%r\" %>s %b" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent
    
        CustomLog "|/usr/local/cpanel/bin/splitlogs --main=orcus.uksrv.co.uk --suffix=-bytes_log" bytesvhost
        CustomLog "|/usr/local/cpanel/bin/splitlogs --main=orcus.uksrv.co.uk --mainout=/usr/local/apache/logs/access_log" combinedvhost
    
    </IfModule>
    
    The combinedvhost entry, for some reason totally ignores the line entry in /var/cpanel/conf/apache/main - I've inserted extra spaces etc., and none of it has any effect on the LogFormat directive for combinedvhost
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,828
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Try using /var/cpanel/conf/apache/local instead of /var/cpanel/conf/apache/main in order to implement custom changes. You will need to create "/var/cpanel/conf/apache/local" if it does not yet exist.

    Thank you.
     
  9. santrix

    While both files look like YAML, they appear to provide quite different functions

    /var/cpanel/conf/apache/local - appears to hold the settings from WHM » Service Configuration » Apache Configuration » Global Configuration

    /var/cpanel/conf/apache/main - appears to hold the settings that are directly translated into httpd.conf

    I'm taking a wild guess, but I doubt adding the following to our pre-existing local file is going to help - or would probably break a rebuild (I haven't tested)

    Code:
    ---
    defaultvhost:
      userdirprotect: ''
    main:
      ifmodulemodlogconfigc:
        customlog:
          directive: customlog
          items:
            -
              format: --main=ourhost.co.uk --suffix=-bytes_log" bytesvhost
              target: "\"|/usr/local/cpanel/bin/splitlogs"
            -
              format: --main=ourhost.co.uk --mainout=/usr/local/apache/logs/access_log" combinedvhost
              target: "\"|/usr/local/cpanel/bin/splitlogs"
        logformat:
          directive: logformat
          items:
            -
              logformat: "\"%v:%p %a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combinedvhost"
            -
              logformat: "\"%v %{%s}t %I .\\n%v %{%s}t %O .\" bytesvhost"
            -
              logformat: "\"%a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined"
            -
              logformat: "\"%a %l %u %t \\\"%r\\\" %>s %b\" common"
            -
              logformat: "\"%{Referer}i -> %U\" referer"
            -
              logformat: "\"%{User-agent}i\" agent"
    sections:
      ifmodulemodlogconfigc: <ifmodule  mod_log_config.c>
    supported:
      mod_log_config: 1
     
  10. terraGirl

    terraGirl Member

    Joined:
    Jan 20, 2011
    Messages:
    16
    Likes Received:
    1
    Trophy Points:
    3
    Is there any update on this? We're using nginx as reverse proxy with Apache 2.4 / mod_remoteIP and can't get it to work; it keeps logging the server IP, which makes access controls like e.g. WordPress brute force attack prevention etc. useless. Any help in getting mod_remoteIP to work correctly with cPanel would be much appreciated.
     
  11. santrix

    For the time being - the only way around this is to directly edit the following files...

    Code:
    sed -i.original -e 's/\(logformat.*\)%h\(.*\)/\1%a\2/' /var/cpanel/conf/apache/main
    sed -i.original -e 's/\(.*\)%h \(.* combinedvhost.*\)/\1%a \2/' /usr/local/cpanel/Cpanel/AdvConfig/apache.pm
    
    This will ensure that %h is replaced with %a for the combinedvhost LogFormat entry (in addition to the other LogFormat entries) in httpd.conf

    This will get overwritten after an upcp, so you may want to put these instructions in a script and add that script to /usr/local/cpanel/scripts/postupcp
     
  12. terraGirl

    Thank you! Do I just put the 2 lines as provided into postupcp or do I need to write my own script? Sorry for the newbie query, first time I'm messing with cPanel settings. I've tried to just put the 2 lines into postupcp but that did not fix the IP error.
     
  13. santrix

    It's probably more tidy to put them into a short bash script and pop that into /usr/local/cpanel/scripts/postupcp instead.

    If you want the changes to take effect immediately then you will need to run those two sed commands, and then run /scripts/rebuildhttpdconf, and /scripts/rebuildnginxvhost, and then service httpd restart.

    It should be noted that this technique has been tested and works with 11.54 (Build 19), but you know how cPanel change things ;-)
     
  14. terraGirl

    Hi Santrix, Thank you! I'm on WHM 54.0 (build 19), and the fix doesn't work for me.
     
    #14 terraGirl, Mar 18, 2016
    Last edited by a moderator: Mar 23, 2016
  15. santrix

    Then, check /usr/local/apache/conf/httpd.conf for each of the LogFormat directives to ensure that the %h options have been converted to %a.

    If so, then it may be that your nginx reverse proxy isn't adding the X-Real-IP header for the correct server IP addresses, or maybe you aren't loading the remoteip module... Depending on your implementation this could be in various places.

    Check it's loaded by running

    /usr/local/apache/bin/apachectl -M

    and look for remoteip_module in the output. If it is loaded then you need to ensure that your server's local IP addresses are configured as RemoteIPInternalProxy's with the following directives - these could be in your httpd.conf or in an include file depending on your setup. You should find one or more lines like this, with your IP addresses listed:

    RemoteIPInternalProxy x.x.x.x

    If you have all that, then it's going to be quicker to let cPanel take a look ;)
     
  16. terraGirl

    Hi Santrix,

    Thank you, finally got it working! I think I was making too many changes and not properly restarting in between tests. The settings you gave me work perfectly now :)

    And if anyone else is having issues, this setting was also important:

    Code:
    RemoteIPHeader X-Real-IP
    RemoteIPInternalProxy 127.0.0.1
    RemoteIPInternalProxy ..... [add IPs]
    I tried this with "RemoteIPHeader X-Forwarded-For" first but "RemoteIPHeader X-Real-IP" is the one that works.

    and in the remoteip configuration I had:

    Code:
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Real-IP  $remote_addr;
    real_ip_header     X-Forwarded-For;
    real_ip_recursive on;
    
    A quick way to test output is to show the last 50 lines of the access logs:
    Code:
    tail -50 /usr/local/apache/domlogs/USERNAME/DOMAIN.COM
    Thank you Santrix for your help, much appreciated! Incidentally when I asked cPanel for help, they simply changed %a back to %h :( Glad about this forum.

    Best regards, Edith
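The file checks from the two posts above (every LogFormat on %a, plus RemoteIPHeader and RemoteIPInternalProxy present) can be scripted. This is an added example, not code from the thread or from cPanel; `audit_remoteip_conf` and `sample_conf` are hypothetical names, and the sample file is constructed from configuration lines quoted in this thread. It does not check that remoteip_module is loaded.

```sh
#!/bin/sh
# audit_remoteip_conf FILE (hypothetical helper): print one finding per line
# for an httpd.conf or include file; print nothing when all checks pass.
audit_remoteip_conf() {
    conf=$1
    # LogFormat directives that still log %h (the TCP peer, i.e. the proxy).
    # The format nickname is the last word on the line.
    awk 'tolower($1) == "logformat" && /%h/ {
             print "logformat-uses-%h: " $NF
         }' "$conf"
    # mod_remoteip needs to know which header to read and which peers to trust.
    grep -Eiq '^[[:space:]]*RemoteIPHeader[[:space:]]+[^[:space:]]' "$conf" ||
        echo "missing: RemoteIPHeader"
    grep -Eiq '^[[:space:]]*RemoteIPInternalProxy[[:space:]]+[^[:space:]]' "$conf" ||
        echo "missing: RemoteIPInternalProxy"
}

# Constructed sample: the state described in the thread after a rebuild,
# where only the combinedvhost format has reverted to %h.
sample_conf() {
    cat <<'EOF'
RemoteIPHeader X-Real-IP
RemoteIPInternalProxy 127.0.0.1
<IfModule mod_log_config.c>
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%a %l %u %t \"%r\" %>s %b" common
</IfModule>
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_remoteip_conf "$tmp"      # prints: logformat-uses-%h: combinedvhost
rm -f "$tmp"
```

Pointing the function at /usr/local/apache/conf/httpd.conf after /scripts/rebuildhttpdconf shows whether a rebuild has put %h back.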
     
  17. AnthonyFrancis

    PartnerNOC

    Joined:
    Sep 7, 2013
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Denver Colorado
    cPanel Access Level:
    DataCenter Provider
    The custom_opt_mod-remoteip.tgz seems to be missing from the downloads. The download link 404's.
     
    #17 AnthonyFrancis, Oct 4, 2016
    Last edited: Oct 4, 2016
  18. AnthonyFrancis

    Thanks for fixing the link (whoever did it)!
     
  19. cPanelMichael

    I'm happy to see it's working well. It may have been a temporary server issue as I don't see any reports that a case was opened to address the problem. Let us know if you encounter any additional issues with the download.

    Thanks!
     