How to capture client IP addresses in Apache access logs using AWS Elastic Load Balancer

Posted on Wed 22 May 2019 in misc

A few weeks ago I was trying to setup the X-Forwarded-For header so that Apache would log the client's IP address instead of the address of the ELB. Amazon's tutorial here states that the only requirement is to set the LogFormat line in the config file to include the X-Forwarded-For format string, but afterwards Apache still logged the ELB's IP address.

To get it to work, I had to set the RemoteIPHeader directive like so:

RemoteIPHeader X-Forwarded-For

The RemoteIPHeader tells Apache that it should treat the header value as the client IP address. The ELB uses the X-Forwarded-For header to pass the client's address to Apache.

Then you will need to set the LogFormat directive to include the client IP using the %a format string. Here's is how it looks in my config:

LogFormat '"%a %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"' combined

Now Apache logs the client IP: - - [21/May/2019:13:18:58 +0000] "GET /index.html HTTP/1.1" 200 - "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36