Incapsula is a great resource to help protect your web site from unwanted traffic and attacks. It is a cloud-based application delivery platform, providing among other things:
- Content Delivery Network (CDN)
- Distributed Denial of Service (DDoS) Mitigation
- Web Application Firewall (WAF)
Incapsula acts as a proxy, sitting in front of the nodes its protecting. The DNS points to Incapsula which hides the IP address to your site. Incapsula analyses the traffic and removes any unwanted requests before passing it on to the web node.
As with any proxy-based system, the proxy rewrites the the X-Forwarded-For header information with the originating IP address. However, Apache needs to be configured to use the header information.
Enable X-Forwarded-For
To enable X-Forwarded-For, open the main Apache configuration file and find the section that defines the LogFormat:
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Then add the following additional line:
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
Lastly edit the configuration file for your virtual host:
# vim /etc/apache2/sites-enabled/pikedom.com.conf
Then comment out the existing CustomLog, combined in my example:
#CustomLog /var/www/pikedom.com/pikedom-access.log combined
And add a new entry for the CustomLog we created, proxy:
CustomLog /var/www/pikedom.com/pikedom-access.log proxy
Check Apache configuration for errors:
# apachectl -t
If none, restart Apache:
# service apache2 restart
To confirm X-Forward-For is working, first confirm what your public IP address is:
[andy@home-pc ~]$ curl -4 icanhazip.com 180.112.113.2
Then tail the access log and grep for your IP while visiting the site:
root@webhost1:~# tailf /var/www/pikedom.com/pikedom.com-access.log | grep 180.112.113.2 180.112.113.2 - - [26/Mar/2018:10:39:02 +0100] "GET / HTTP/1.1" 301 325 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0" 180.112.113.2 - - [26/Mar/2018:10:39:02 +0100] "GET / HTTP/1.1" 200 17576 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0" 180.112.113.2 - - [26/Mar/2018:10:39:03 +0100] "GET /skin/frontend/pikedom/default/favicon.ico HTTP/1.1" 200 1243 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0" ^C root@webhost1:~#
Job done!
Be the first to comment