You host your web application with a hosting provider. Your application log/access IP address of your users and you get 127.0.0.1 or some other private IP. Deja Vu? Most likely reason for the above scenario is your hosting provider is using a proxy and the proxy server sits in the same machine or in the same network. Under a such situation we end up using X-Forwarded-For header.
I am aware of two solutions to be used in such a proxy setup so the developer doesn’t have to end up using X-Forwarded-For header.
1.) When the proxy server is an Apache, using ProxyPreserveHost directive in mod_proxy.
This can be used to preserve the remote host not the remote ip. This is useful for situations where name based virtual hosting is used and the backend server needs to know the virtual name of host.
Open mod_proxy configuration file of your proxy server and enter directive, ProxyPreserveHost On, and restart your apache instance.
2.) When backend server is apache, use mod_rpaf
This apache module can be used to preserve both remote IP/HOST. Internally it uses X-Forwarded-For header to detect a proxy in it’s list of known proxies and reset the headers accordingly. This works with any proxy server in the front end provided that the proxy server sets X-Forwarded-For header. To use mod_rpaf, install and enable it in the backend server and add following directives in the module’s configuration.
Remote IP is automatically preserved when RPAFenable On directive is used. RPAFsethostname On directive should be used to preserve host and RPAFproxy_ips is the list of known proxy ips.
Restart backend apache server and you are good to go.