The journey through the Amazon Cloud (AWS) is quite amazing. Recently I had to use two EC2 instances with an Elastic Load Balancer. Once the website was served through the load balancer, only the load balancer's IP was logged as the remote IP.
After Googling for a few hours and some trial and error, I got the correct Apache log format so that the real remote IP is logged.
I created a custom log format with the name “combined_new” and used it in all the virtual hosts configured in Apache. But you can use the format however you want.
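```apache
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_new
#....
#...
#
# The <VirtualHost> and <Directory> container lines were lost from this
# listing; the address and directory path used below are assumptions.
# START_HOST example.com
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot "/var/www/example.com/html"
    # END_HOST example.com
    <Directory "/var/www/example.com/html">
        Options Includes FollowSymLinks
        AllowOverride All
        # Apache 2.2 access-control syntax
        Order allow,deny
        Allow from all
    </Directory>
    # Write the access log using the custom format defined above
    CustomLog /var/www/logs/example.com/access_log combined_new
    ErrorLog /var/www/logs/example.com/error_log
</VirtualHost>
```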
Before you make any changes to httpd.conf, please read the documentation for the Apache log module (mod_log_config).
I hope this small tip helps 😉
Note: Always back up your original httpd.conf before you make any changes.
You may want to make sure you capture the most recent entry in X-Forwarded-For. I don’t think it automagically pulls the relevant one out of the string.
http://resullus.org/capturing-client-ip-address-in-apache-when-us#more
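An added example (not part of the original post or the comment above): a Python parser for access-log lines written in the combined_new format that keeps only the last X-Forwarded-For entry, the one the load balancer appended, and separates out any earlier entries, which arrive in the client's own request and can be set to anything. It assumes a single proxy hop (the ELB) in front of Apache; the function names and the sample log lines are constructed for illustration.

```python
import re
from ipaddress import ip_address

# A quoted log field; Apache escapes embedded quotes as \" inside it.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
# "%{X-Forwarded-For}i" %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    rf'^{QUOTED} (\S+) (\S+) \[([^\]]+)\] {QUOTED} (\d{{3}}) (\S+) {QUOTED} {QUOTED}$'
)

def client_ip(xff):
    """Return (ip, client_supplied) for a logged X-Forwarded-For value.

    The load balancer appends the address that connected to it, so with one
    proxy hop the last entry is the only one the client cannot choose.
    """
    entries = [e.strip() for e in xff.split(",") if e.strip() not in ("", "-")]
    if not entries:
        return None, []              # header absent (logged as "-")
    try:
        ip = str(ip_address(entries[-1]))
    except ValueError:
        return None, entries         # last entry is not an IP: trust nothing
    return ip, entries[:-1]

def parse_line(line):
    """Parse one combined_new line; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    xff, _ident, user, when, request, status, _size, _referer, agent = m.groups()
    ip, supplied = client_ip(xff)
    return {"client_ip": ip, "client_supplied": supplied, "user": user,
            "time": when, "request": request, "status": int(status),
            "agent": agent}

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '"203.0.113.7" - - [10/Oct/2012:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '"10.0.0.1, 198.51.100.23" - - [10/Oct/2012:13:55:40 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/7.26.0"',
    '"-" - - [10/Oct/2012:13:56:01 +0000] "GET /health HTTP/1.1" 200 2 "-" "ELB-HealthChecker/1.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        rec = parse_line(raw)
        note = " (client-supplied entries: %s)" % rec["client_supplied"] if rec["client_supplied"] else ""
        print(rec["client_ip"], rec["status"], rec["request"] + note)
```

Lines where `client_supplied` is non-empty are worth reviewing, since those values were present in the request before it reached the load balancer.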