Knowledge w/o sharing is nothing!

Apache2 client IP logging behind AWS ELB

I ran into a problem a few days ago. If an EC2 instance is behind an ELB (Elastic Load Balancer), all you will see in the Apache logs is the ELB’s internal IP addresses. This post might be interesting to AWS users who host their site on EC2 with Apache and want to see client IP addresses in the Apache logs. Let’s assume we are using Amazon Linux with the httpd daemon. Here is what you have to do:

First, enable mod_remoteip (it should actually be enabled by default). You can check it with this:

$ apachectl -M | grep 'remoteip'

The output should look something like this:

remoteip_module (shared)

Then you need to modify the httpd.conf file:

$ vi /etc/httpd/conf/httpd.conf

And add these lines just before the first LogFormat directive:

<IfModule mod_remoteip.c>
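        # Take the client address from the header the ELB adds to each request
        RemoteIPHeader X-Forwarded-For
        # Trust that header only when the connection comes from this range.
        # 172.31.0.0/16 is the default VPC CIDR; use the range your ELB connects from.
        RemoteIPInternalProxy 172.31.0.0/16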
</IfModule>

Also, in the same file, you should change any LogFormat directive and replace %h with %a. Here’s an example. Before:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

After:

LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
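What %a ends up logging depends on who connected and on the trusted range. The following is an added example (not part of the original post and not Apache's code): a simplified Python model of the right-to-left X-Forwarded-For processing described in the mod_remoteip documentation, using the 172.31.0.0/16 range from above. The function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# Mirrors the page's setting: RemoteIPInternalProxy 172.31.0.0/16
TRUSTED = [ipaddress.ip_network("172.31.0.0/16")]


def is_trusted(addr, trusted=TRUSTED):
    """True if addr falls inside one of the trusted proxy ranges."""
    return any(addr in net for net in trusted)


def resolve_client_ip(peer, xff, trusted=TRUSTED):
    """Return (address logged by %a, header entries left unconfirmed).

    Simplified model: start from the TCP peer and walk the header from
    right to left, accepting an entry only while the address that
    presented it is a trusted proxy.
    """
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()] if xff else []
    while hops and is_trusted(current, trusted):
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: stop and leave it in the header
        hops.pop()
        current = candidate
    return str(current), ", ".join(hops)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For as received)
    samples = [
        # Via the ELB; the client supplied its own header value first
        ("172.31.5.10", "192.0.2.44, 203.0.113.7"),
        # Connection that did not come through the trusted range
        ("198.51.100.9", "192.0.2.44"),
        # Two internal hops in front of Apache
        ("172.31.5.10", "203.0.113.7, 172.31.9.9"),
    ]
    for peer, xff in samples:
        logged, leftover = resolve_client_ip(peer, xff)
        print(f"peer={peer:<13} xff={xff!r:<28} %a={logged} left={leftover!r}")
```

In the first sample the value the client supplied itself stays unconfirmed and is not logged; in the second the header is ignored because the peer is outside the trusted range.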

More information can be found in the Apache documentation:

https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats

https://httpd.apache.org/docs/trunk/mod/mod_remoteip.html