最後更新: 2017-04-21

目錄

• mod_rpaf
• 在 Centos 上 compile mod_rpaf
• nginx fontend setting
• mod_extract_forwarded
• Apache 2.4 - mod_remoteip

mod_rpaf

介紹

module for Apache2 which takes the last IP from the 'X-Forwarded-For' header

Debian 安裝 :

apt-get install libapache2-mod-rpaf

設定:

/etc/apache2/mods-enabled/rpaf.conf

<IfModule mod_rpaf.c>
    RPAFenable On

    # let rpaf update vhost settings
    # allows to have the same hostnames as in the "real"
    # configuration for the forwarding Apache
    RPAFsethostname On

    # frontend proxies 的 IP, 只有那 IP 過來的 traffic 才看 "X-Forwarded-For" header
    RPAFproxy_ips 127.0.0.1

</IfModule>

在 Centos 上安裝 mod_rpaf

yum install httpd-devel

tar -zxf mod_rpaf-0.6.tar_.gz

cd mod_rpaf-0.6

apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

nginx fontend setting

/etc/nginx/proxy.conf

...
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...

mod_extract_forwarded

介紹

在 Centos 上沒有 libapache2-mod-rpaf, 所以可能會用 mod_extract_forwarded 取締

安裝

# C6 - epel

yum install mod_extract_forwarded

設定

/etc/httpd/conf.d/mod_extract_forwarded.conf

LoadModule proxy_module modules/mod_proxy.so
LoadModule extract_forwarded_module modules/mod_extract_forwarded.so

# MEForder 是設定 MEFaccept 及 MEFrefuse 的先後次序
# 以下設定是先 accept 了之後 refuse.
MEForder refuse,accept

# Fontend prxoy server 的 IP
# Default: empty
MEFaccept 1.2.3.4 1.2.3.5

# Default: all
MEFrefuse all

可能遇到的問題:

Syntax error on line 1 of /etc/httpd/conf.d/mod_extract_forwarded.conf:
Cannot load /etc/httpd/modules/mod_extract_forwarded.so into server:
/etc/httpd/modules/mod_extract_forwarded.so: undefined symbol: proxy_hook_scheme_handler

原因是此 module 一定要 load 以下 modules:

• mod_proxy
• proxy_http

Doc:

• /usr/share/doc/mod_extract_forwarded-2.0.2/README

Apache 2.4 - mod_remoteip

http://datahunter.org/apache24_module#mod_remoteip