We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

How can I log the actual client IP address on my apache server when using a Barracuda Web Application Firewall?

  • Type: Knowledgebase
  • Date changed: 6 months ago

Solution #00004488


Scope:

This solution applies to all Barracuda Web Application Firewalls.


Answer:

By default, the Barracuda Web Application Firewall forwards it's own IP address in the header. In order for apache to grab these headers and log the actual client IP, you need to make the below changes on the apache server.

Log in to the apache server and modify the httpd.conf file (/etc/httpd/conf or /usr/local/apache2/conf).


Note: Depending on your Web Server deployment, your LogFormat options may be set in a different file. Consult with your system administrator if changing settings in the default file does not have an effect on the Apache access_log.

  1. Open the httpd.conf file and change the following line

    from:
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

    to:
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

  2. Restart the httpd service. (i.e. service httpd restart, or /etc/init.d/apache2 restart)


Link to this page:

https://campus.barracuda.com/solution/50160000000HzfjAAC