Dominik Honnef

Apache behind a remote lighttpd proxy and the caveats


Background

The subdomain I use belongs to a friend, who isn’t able to set A or CNAME entries, so he uses lighttpd + mod_proxy to redirect it to my server.

The Problem

And that’s where the problems started. Because of the proxy, the HTTP REMOTE_ADDR isn’t the one of the visitor anymore but the one of the proxy, which in turn collides with log analysis, GeoIP and the like.

The Solution

In general, a simple solution would be to use the Apache module “rpaf”, which uses the X-Forwarded-For header to properly set REMOTE_ADDR.

In my case, that wasn’t the whole solution though. Instead of an IPv4 address, the lighttpd installation of my friend transmitted an IPv6 one, which then again didn’t work with GeoIP either, as it only supports IPv4. In this case, the solution was to run a local lighttpd, which itself uses mod_extforward to make use of X-Forwarded-For, and then properly forward the request to Apache, this time using IPv4.

Oh, also important: rpaf has to be loaded before GeoIP, otherwise the latter uses the wrong IP for lookups.
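The X-Forwarded-For handling described for rpaf and for the two-proxy chain above, sketched as an added example (not code from the original post, and not the implementation of rpaf or mod_extforward). It shows why the header should only be honoured when the connection comes from a known proxy, and when an IPv4-only GeoIP lookup can use the result. All addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed addresses (documentation ranges); not from the original post.
TRUSTED_PROXIES = {
    ipaddress.ip_address("127.0.0.1"),     # local lighttpd in front of Apache
    ipaddress.ip_address("2001:db8::10"),  # the friend's remote lighttpd proxy
}


def _parse(text):
    """Parse one address; unmap ::ffff:a.b.c.d to plain IPv4."""
    addr = ipaddress.ip_address(text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def client_address(peer, xff, trusted=TRUSTED_PROXIES):
    """Return the address to treat as the visitor's.

    The header is honoured only when the TCP peer is a trusted proxy, and the
    chain is walked right to left, so entries a client put there itself are
    never reached.
    """
    current = _parse(peer)
    if current not in trusted or not xff:
        return current
    for hop in reversed(xff.split(",")):
        try:
            candidate = _parse(hop)
        except ValueError:
            return current  # unparsable entry: stop at the last verified hop
        current = candidate
        if current not in trusted:
            break
    return current


def geoip_usable(addr):
    """An IPv4-only GeoIP database can only look up IPv4 addresses."""
    return addr.version == 4
```
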