Apache, Akamai, and True-Client-IP

You’re running a site behind Akamai, but can’t see the real client’s IP address, only that of your load balancer and/or Akamai’s IP addresses. Therefore you can’t act on it, ban IP’s….etc.

Akamai does pass the true IP address of clients, but not through the standard X-Forwarded-For header. It uses one named True-Client-IP. Apache doesn’t understand True-Client-IP so it doesn’t pass this along internally to logging and other modules like PHP.

There exists an Apache module named mod_remoteip which was introduced in Apache 2.4. A lot of sites don’t run Apache 2.4 yet as of the time of this article, but you can get a backported mod_remoteip module [link] thanks to Brane F Gracnar which runs with Apache 2.2. This module will take the value of True-Client-IP (or any other custom header) and overwrite REMOTE_ADDR internally, thereby allowing Apache to work with the real IP address of the client.

You can compile and install the module with

apxs -i -a -c mod_remoteip.c

After that, put this into your Apache vhost

RemoteIPHeader True-Client-IP

That’s all there is to it! The real clients IP address will now show in logs and in Apache server-status.

The one thing that will save the most battery

There are a lot of ways to get more battery time out of your iPhone. Turn off Airdrop, Bluetooth, Location services, Background App Refresh, so on and so on. While they do work, they don’t make a significant difference. The single most thing that … [Continue reading]

P2V old linux distributions with VMware Converter

Just the other day, I had the "privilege" of P2V'ing some really old CentOS 3.7 and 3.8 physical servers. The process certainly had it's challenges. Here is how I did it. Very old distributions of Linux will not support any of the virtual SCSI … [Continue reading]