How to set X-Forwarded-For on Apache httpd

When you run Apache httpd behind a load balancer, you will probably want to use X-Forwarded-For, because the IP address the web server sees is the IP address of the load balancer.
In this article I will show how to restrict access by IP address using X-Forwarded-For and how to write X-Forwarded-For to the log.
The Apache httpd used in this article was installed with Chef.

X-Forwarded-For logging

  • vim /etc/httpd/conf/httpd.conf

Redefine the custom log format called "combined". The default definition is:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Add the X-Forwarded-For request header as the last field:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined

  • vim /etc/httpd/sites-enabled/000-default

000-default is the file that configures the VirtualHost.
Set CustomLog to use the "combined" format.

CustomLog /var/log/httpd/access_default.log combined

Restrict IP with X-Forwarded-For

The following configuration rejects requests from specific IP addresses.

  • vim /etc/httpd/sites-enabled/000-default

<VirtualHost *:80>
    # Set the deny_ip variable when X-Forwarded-For matches one of these addresses
    SetEnvIf X-Forwarded-For "192.168.10.101" deny_ip
    SetEnvIf X-Forwarded-For "192.168.10.102" deny_ip

    # Allow everyone except requests flagged with deny_ip
    <Location />
        Order allow,deny
        Allow from all
        Deny from env=deny_ip
        ProxyPass ajp://192.168.20.100:8009/sample-app/
    </Location>

    # Deny everyone except requests flagged with deny_ip
    <Location /*/test/>
        Order deny,allow
        Deny from all
        Allow from env=deny_ip
        ProxyPass ajp://192.168.20.100:8009/sample-app/
    </Location>
</VirtualHost>

Use "SetEnvIf" to set an environment variable when the X-Forwarded-For header matches.
You can use CIDR or regular expressions to specify the IP address.
The VirtualHost must also accept connections on port 80.

In the "/" Location setting, we deny the specified IP addresses.
All addresses are allowed first, and then the specified IP addresses are rejected.

In the "/*/test/" Location setting, we allow the specified IP addresses.
All IP addresses are denied first, and then only the specified IP addresses are allowed.
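
To see which logged requests the SetEnvIf rules above would flag, the following Python script (an added example, not part of the original article) parses the extended "combined" format and tests each X-Forwarded-For value against the article's two patterns as an unanchored regular expression search. The sample log lines, the 10.0.0.5 load balancer address and the stricter pattern variant are assumptions made for the illustration.

```python
import re

# One quoted LogFormat field; httpd writes an embedded quote as \" so allow escapes.
Q = r'"((?:[^"\\]|\\.)*)"'
# Extended "combined": %h %l %u %t "%r" %>s %b "Referer" "User-Agent" "X-Forwarded-For"
LOG_RE = re.compile(rf'(\S+) (\S+) (\S+) \[([^\]]+)\] {Q} (\d{{3}}) (\S+) {Q} {Q} {Q}$')

# The two SetEnvIf patterns from the article, used as unanchored regular expressions.
PAGE_PATTERNS = ["192.168.10.101", "192.168.10.102"]
# Assumption (not from the article): dots escaped, no digit or dot next to the address.
STRICT_PATTERNS = [rf"(?<![\d.]){re.escape(p)}(?![\d.])" for p in PAGE_PATTERNS]

def parse_line(line):
    """Return (remote_host, raw_xff, xff_chain), or None if the line does not fit the format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    host, xff = m.group(1), m.group(10)
    # httpd logs "-" when the request carried no X-Forwarded-For header.
    chain = [] if xff in ("", "-") else [a.strip() for a in xff.split(",")]
    return host, xff, chain

def sets_deny_ip(xff, patterns):
    """True if any pattern matches anywhere in the raw header value."""
    return any(re.search(p, xff) for p in patterns)

def audit(lines):
    """Return (raw_xff, hop_count, flagged_by_page_patterns, flagged_by_strict_patterns) per line."""
    rows = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, xff, chain = parsed
        rows.append((xff, len(chain), sets_deny_ip(xff, PAGE_PATTERNS),
                     sets_deny_ip(xff, STRICT_PATTERNS)))
    return rows

# Constructed sample lines; 10.0.0.5 stands in for the load balancer.
PREFIX = '10.0.0.5 - - [12/Mar/2024:10:00:0{} +0900] "GET / HTTP/1.1" {} 512 "-" "curl/8.0" "{}"'
SAMPLE_LOG = [
    PREFIX.format(1, 403, "192.168.10.101"),
    PREFIX.format(2, 200, "203.0.113.7"),
    PREFIX.format(3, 403, "198.51.100.4, 192.168.10.102"),  # match on a later hop
    PREFIX.format(4, 403, "192.168.10.1010"),               # malformed value, substring match
    PREFIX.format(5, 200, "-"),                              # header absent
]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```

Because SetEnvIf tests the header text exactly as it arrives, these rules are dependable only when every request reaches httpd through the load balancer and the load balancer sets the header itself.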
