Enable remoteip Apache Module

Fix Nginx & Apache Real IP Not Shown on Website Attacks – Rpaf or Remoteip Apache Modules Need Loading

Fix Nginx & Apache Real IP Not Shown on Website Attacks

Be careful when enabling and disabling your Apache modules. I needed to fix Nginx & Apache real IP not shown on website attacks when I was running the Fail2ban WordPress jail; I'm also using CSF LFD regex for WordPress login intrusion attacks and WordPress XML attacks, and it was banning the server IP address.

I was originally pointed to this website by Plesk Tech, but the command plesk sbin httpd_modules_ctl --enable rpaf did not work for me, and when I checked the httpd config files I did not have the rpaf module. I then read somewhere that the rpaf module can be replaced with the remoteip Apache module. When I enabled the remoteip Apache module, Fail2ban and CSF LFD started banning the correct offending IP addresses.

Below are the instructions on how to fix the rpaf or remoteip problem.

Rpaf or Remoteip Apache Modules Need Loading

They say this problem is caused by running Apache with Nginx. With Nginx in front as a reverse proxy, Apache sees every connection as coming from the server itself unless a module such as rpaf or remoteip restores the visitor's address from the header the proxy forwards. The rpaf or remoteip Apache module needs loading for this problem to be fixed.

It says that a Plesk 12.5 update disabled rpaf. I'm running Plesk Onyx on CentOS 7 / CloudLinux 7 and I did not have the rpaf module inside my Apache config files. If you have this problem, every website visitor you see in statistics, etc. will show your server IP address instead of the visitor's, and so will the log files. $_SERVER['REMOTE_ADDR']; will show your server IP address instead of the visitor's.

Fail2ban bans IP addresses belonging to the server: you can check the site by clicking the hyperlink.

Fix Website Traffic to Show Real Visitors IP Address

Plesk Onyx Fail2ban banning the server IP address: use the remoteip module if you don't have rpaf. This fixes the problem, so the correct IP addresses are shown and banned instead of Fail2ban trying to ban the server's IP address.

If this does not work for you, install the remoteip module. This worked for me: I'm using Plesk Onyx and I didn't have the Apache module rpaf installed.

If the command plesk sbin httpd_modules_ctl --enable rpaf does not fix the problem, follow the instructions below.
Run the commands below to see if you have rpaf or remoteip as loaded Apache modules.

httpd -M | grep rpaf

httpd -M | grep remoteip

If you don't see anything, you'll need to enable either the rpaf or the remoteip Apache module.

Find where the rpaf or remoteip module is located and uncomment it.

cat /etc/httpd/conf.d/* | grep rpaf

or

cat /etc/httpd/conf.d/* | grep remoteip

If you don't see any in there, then try the below. Mine was remoteip, located in /etc/httpd/conf.modules.d/00-base.conf. I'm running CloudLinux 7 on Plesk Onyx 17.0.17 and uncommented remoteip.

cat /etc/httpd/conf.modules.d/* | grep rpaf

I didn’t get any results for the above, but the below found remoteip apache module for me.

cat /etc/httpd/conf.modules.d/* | grep remoteip
LoadModule remoteip_module modules/mod_remoteip.so

cat /etc/httpd/conf.modules.d/00-base.conf | grep remoteip
LoadModule remoteip_module modules/mod_remoteip.so

Edit the Apache /etc/httpd/conf.modules.d/00-base.conf file and uncomment:

LoadModule remoteip_module modules/mod_remoteip.so

Uncomment LoadModule remoteip_module modules/mod_remoteip.so and restart apache.

nano /etc/httpd/conf.modules.d/00-base.conf

or you can use vi whichever editor you like best.

vi /etc/httpd/conf.modules.d/00-base.conf

Uncomment Remoteip Module:

LoadModule remoteip_module modules/mod_remoteip.so

Now check to see if you have any errors in apache before restarting apache.

httpd -t

If it says Syntax OK, go ahead and restart Apache, and Nginx while you're at it.

CentOS 7

systemctl restart httpd

CentOS 6

service httpd restart

Restart Nginx

CentOS 7

systemctl restart nginx

CentOS 6

service nginx restart

Make sure to tail -f your apache and nginx log files while doing the restarts.

tail -f /var/log/httpd/error_log /var/log/nginx/error.log

 

Simulate an attack on WordPress xmlrpc.php, if you have the CSF LFD regex or Fail2ban jail enabled for WordPress XML-RPC attacks, to check that the correct IP address gets banned.

while true; do curl -X POST https://www.example.com/xmlrpc.php ; done
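
To confirm the fix took effect, the added script below (not part of the original post) reports whether the remoteip LoadModule line is enabled, commented out or missing, and what share of access-log requests are attributed to the server's own IP addresses. It assumes the client address is the first field of each log line; the function names, IP addresses and log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Print the state of the remoteip LoadModule line in an Apache config file:
# "enabled", "commented" (present but behind a #) or "missing".
remoteip_state() {
    re='LoadModule[[:space:]]+remoteip_module[[:space:]]'
    if grep -Eq "^[[:space:]]*$re" "$1"; then echo enabled
    elif grep -Eq "^[[:space:]]*#[[:space:]]*$re" "$1"; then echo commented
    else echo missing
    fi
}

# Print the integer percentage of access-log lines whose first field (the
# client address, assumed to be logged first) is one of the server's own IPs.
# Usage: self_hit_percent LOGFILE SERVER_IP...
self_hit_percent() {
    log=$1; shift
    awk -v ips="$*" '
        BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) own[a[i]] = 1 }
        { total++; if ($1 in own) mine++ }
        END { print (total ? int(mine * 100 / total) : 0) }
    ' "$log"
}

# Constructed fixtures: 203.0.113.10 stands in for the server's public IP,
# 198.51.100.23 for an outside client hammering xmlrpc.php.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
echo '#LoadModule remoteip_module modules/mod_remoteip.so' > "$tmp/before.conf"
echo 'LoadModule remoteip_module modules/mod_remoteip.so' > "$tmp/after.conf"
cat > "$tmp/before.log" <<'EOF'
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
203.0.113.10 - - [01/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
203.0.113.10 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.0" 200 5120
203.0.113.10 - - [01/Jan/2024:10:00:04 +0000] "POST /wp-cron.php HTTP/1.0" 200 0
EOF
cat > "$tmp/after.log" <<'EOF'
198.51.100.23 - - [01/Jan/2024:11:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
198.51.100.23 - - [01/Jan/2024:11:00:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
192.0.2.77 - - [01/Jan/2024:11:00:03 +0000] "GET / HTTP/1.0" 200 5120
203.0.113.10 - - [01/Jan/2024:11:00:04 +0000] "POST /wp-cron.php HTTP/1.0" 200 0
EOF

for s in before after; do
    echo "$s: module $(remoteip_state "$tmp/$s.conf")," \
         "$(self_hit_percent "$tmp/$s.log" 203.0.113.10 127.0.0.1)% of hits from server IPs"
done
```

A small non-zero share after the fix is normal, since requests the server makes to itself (such as wp-cron.php) still come from its own address; a share close to 100% is the symptom described above.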

 

 

 

Lee Claxton Sarasota