Giters

VirtuoWorks / apache2-and-nginx-cloudfront-configurations

Apache2 Nginx X-Forwarded-For configuration files cloudfront remote ip http header

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Apache2 and Nginx Cloudfront configuration

Situation

Nginx or Apache2 are behind an AWS cloudfront distribution.

Nginx or Apache2 access logs show cloudfront distribution IP(s).

Problems

  • Unusable access statistics with tools like awstats;

  • Fail2Ban triggers false positive, bans cloudfront IP(s);

  • ... (others ?)

Troubleshooting

Adding some new configuration directives to Apache2 or Nginx. With these,

the web servers are getting the real IP address from the X-Forwarded-For

HTTP header as it is set by cloudfront (see doc).

Enabling

Apache2 (remote ip module has to be enabled) :

  • Copy the repository /etc/apache2/conf-available/cloudfront.conf file into your system /etc/apache2/conf-available/ directory;
  • Enable the configuration file and restart apache2 : a2enconf cloudfront systemctl restart apache2

Nginx (real ip module has to be enabled) :

  • Copy the repository /etc/nginx/conf.d/cloudfront.conf file into your system /etc/nginx/conf.d/ directory;
  • Restart nginx : systemctl restart nginx

Finally, check your server access logs.

About

Apache2 Nginx X-Forwarded-For configuration files cloudfront remote ip http header

License:MIT License