Show Real IP in Apache Access Log (Akamai)

Since our company is using Akamai as the Content Delivery provider (CDN), we need to see the real IP to make sure we can do some log processing accurately.

The Akamai CDN basically working like example below:

Akamai Edge Server will work as the reverse-proxy to cache the website contents from requests they received on their edge servers anywhere around the world. This will speed up the website loading page and decrease the server load of the web server. The only problem of this implementation is that you can only seen Akamai’s IP connecting to your web server.

What will happen to my AWstats results then?
How to block suspected IP in firewall based on mod_security rules since they only can see Akamai IP?

Even though Akamai has provide summary of bandwidth usage and some other related informations, we still need to see the real IP, at least in our Apache access log. Akamai is adding another header called True-Client-IP, which used to return back the request to the real client after web server return back the result to Akamai edge server. What we need to do is just replace and add some line to our httpd.conf and restart the Apache web server. Following example is tested in a hosting server which run on cPanel. Variable as below:

Domain: mydomain.com
Log location: /usr/local/apache/domlogs (default for cPanel)

1. Open /etc/httpd/conf/httpd.conf using your favourite text editor and find your domain virtual host. You will see something like below:

<VirtualHost 12.34.123.115:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /home/mydomain/public_html
    ServerAdmin webmaster@mydomain.com
    UseCanonicalName Off
    CustomLog /usr/local/apache/domlogs/mydomain.com combined
    CustomLog /usr/local/apache/domlogs/mydomain.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ## User crazyd # Needed for Cpanel::ApacheConf
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup mydomain mydomain
    </IfModule>
    ScriptAlias /cgi-bin/ /home/mydomain/public_html/cgi-bin/
 
    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/std/2/mydomain/mydomain.com/*.conf"

</VirtualHost>

2. Now, we need to replace and add the LogFormat and CustomLog variable as below:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{True-Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf True-Client-IP "^.*\..*\..*\..*" forwarded
CustomLog "/usr/local/apache/domlogs/mydomain.com_real_ip" combined env=!forwarded
CustomLog "/usr/local/apache/domlogs/mydomain.com_real_ip" proxy env=forwarded

3. So it will be like below:

<VirtualHost 12.34.123.115:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /home/mydomain/public_html
    ServerAdmin webmaster@mydomain.com
    UseCanonicalName Off
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{True-Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    SetEnvIf True-Client-IP "^.*\..*\..*\..*" forwarded
    CustomLog "/usr/local/apache/domlogs/mydomain.com" combined env=!forwarded
    CustomLog "/usr/local/apache/domlogs/mydomain.com" proxy env=forwarded
    CustomLog /usr/local/apache/domlogs/mydomain.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
 
    ## User crazyd # Needed for Cpanel::ApacheConf
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup mydomain mydomain
    </IfModule>
    ScriptAlias /cgi-bin/ /home/mydomain/public_html/cgi-bin/
 
    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/std/2/mydomain/mydomain.com/*.conf"

</VirtualHost>

4. Now we need to run some command in cPanel and restart Apache. I prefer to do graceful restart:

$ /usr/local/cpanel/bin/apache_conf_distiller --update --main
$ apachectl -k graceful

Done! Now the AWstats will deliver correctly and you also able to monitor the real IP in access log using command:

$ tail -f /usr/local/apache/domlogs/mydomain.com

3 thoughts on “Show Real IP in Apache Access Log (Akamai)

  1. Please help me in the following scenario.
    I have one load balancer running with haproxy and 2 cpanel apache servers are running in behind of haproxy server.
    I have used “option forwardfor” in haproxy config but unable to get the client real ip address in 2 web servers end. Please help me, how i can configure Logformat of apache servers?

    Thanks

    Reply

    1. Hi,

      If I am not mistaken, the LogFormat definition for Haproxy is as per below:
      LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

      You may try and share with us the result.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *