mod_extforward: Lighttpd Log Clients Real IP Behind Reverse Proxy / Load Balancer

When you use a reverse proxy or load balancer with Lighttpd, the IP address of the client may be hidden or obscured in the server logs. To log the real IP address of the client, you can use the mod_extforward module in Lighttpd.

Here’s how to configure mod_extforward to log the real IP address of the client:

  1. Install the mod_extforward module. On Debian or Ubuntu, you can use the following command:
    sudo apt-get install lighttpd-mod-extforward
  2. Configure mod_extforward by adding the following lines to your Lighttpd configuration file (/etc/lighttpd/lighttpd.conf by default):
    server.modules += ( "mod_extforward" )
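    extforward.forwarder = ( "192.168.1.1" => "trust" )
    extforward.headers = ( "X-Forwarded-For" )

    Replace 192.168.1.1 with the IP address of your reverse proxy or load balancer. Each entry in extforward.forwarder maps a proxy address to "trust"; lighttpd honours the forwarded header only on requests that arrive from a listed address, so list only proxies you control. The extforward.headers option specifies which header carries the real client IP address. In this example, we’re using the X-Forwarded-For header.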

  3. Configure your web application to use the X-Forwarded-For header. This step will vary depending on the application. Check the documentation for your application to find out how to enable support for the X-Forwarded-For header.

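    In PHP, you can access the X-Forwarded-For header using the $_SERVER superglobal array. The value is whatever the sender put in the header and may be a comma-separated list of addresses, so treat it as untrusted input:

    // Header is absent when the request did not pass through the proxy; fall back to the peer address.
    $client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'];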
  4. Restart the Lighttpd server:
    sudo service lighttpd restart

    This will apply the changes you made to the Lighttpd configuration file.

With mod_extforward configured, the real IP address of the client will be logged in the server logs. You can test this by checking the logs and verifying that the IP address matches the client’s actual IP address.
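
The trust decision that extforward.forwarder encodes, as an added Python example (not lighttpd's source and not code from the original page). It models a simplified right-to-left walk of X-Forwarded-For; the function name, the fallback for malformed entries and the sample addresses are assumptions.

```python
import ipaddress

# Assumed value, mirroring extforward.forwarder in the configuration above.
TRUSTED_FORWARDERS = {ipaddress.ip_address("192.168.1.1")}


def _parse(value):
    """Return an ip_address for a header token, or None if it is not one."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def resolve_client_ip(peer_ip, x_forwarded_for, trusted=TRUSTED_FORWARDERS):
    """Pick the address to log for one request.

    peer_ip: address of the TCP peer that connected to the web server.
    x_forwarded_for: raw header value, or None when the header is absent.
    """
    peer = ipaddress.ip_address(peer_ip)
    # Anyone can send X-Forwarded-For; honour it only from a listed forwarder.
    if peer not in trusted or not x_forwarded_for:
        return str(peer)
    # Each proxy appends the address it received the request from, so the
    # rightmost entries are the ones written by our own infrastructure.
    for token in reversed(x_forwarded_for.split(",")):
        addr = _parse(token)
        if addr is None:
            # Malformed entry (assumed policy): keep the peer address.
            return str(peer)
        if addr not in trusted:
            return str(addr)
    # Every entry was a trusted forwarder; fall back to the peer address.
    return str(peer)


# Constructed sample requests: (peer address, X-Forwarded-For value).
SAMPLES = [
    ("192.168.1.1", "203.0.113.7"),            # normal proxied request
    ("192.168.1.1", "10.9.9.9, 203.0.113.7"),  # client pre-set the header
    ("198.51.100.23", "127.0.0.1"),            # direct hit, bypassing the proxy
    ("192.168.1.1", None),                     # proxy sent no header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer:<15} xff={xff!r:<26} -> {resolve_client_ip(peer, xff)}")
```

The second and third samples are the cases to check in your own access log: a header value set by the client must never replace the address recorded for the request.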
