Many of us are using Cloudflare or similar services to protected their Extranet / Webmail and other public websites using the Sophos WAF. It's possible to display the real IP addresses on any Linux servers behind the firewall by enabling Pass host header in WAF rule. Simply enable the remoteip module in Apache2 and add this to your vhost configuration:
RemoteIPHeader X-Client-IP RemoteIPHeader X-Forwarded-For RemoteIPProxiesHeader X-Forwarded-By RemoteIPInternalProxy 10.66.66.1
And configure the log format in apache2.conf:
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" forwarded ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded CustomLog ${APACHE_LOG_DIR}/access.log forwarded env=forwarded
However, how can I configure the Sophos Log Viewer to display the real user IP addresses?
Added FR TAG
[edited by: Erick Jan at 12:13 AM (GMT -7) on 8 Oct 2024]