Skip to main content
Question

Real client IP not seen by centreon

  • March 19, 2026
  • 3 replies
  • 13 views
R
Forum|alt.badge.img+1

Hi,

 

I use centreon behind a HAProxy.

In the ACL menu I see the HAProxy IP address instead of the client IP Address.In my HAProxy, i’ve configured the frontend as http mode and forward X-Forwarded-For and on the backend too :

 

frontend web-secure
mode http
http-request set-header X-Forwarded-For %[src]

backend centreon
        mode http
        #same as forwardfor
        http-request set-header X-Forwarded-For %[src]
        server hostname  10.X.X.X:80

 

On the centreon server :
 

apache2ctl -V
Server version: Apache/2.4.66 (Debian)
Server built:   2025-12-05T18:54:44
Server's Module Magic Number: 20120211:141
Server loaded:  APR 1.7.2, APR-UTIL 1.6.3, PCRE 10.42 2022-12-11
Compiled using: APR 1.7.2, APR-UTIL 1.6.3, PCRE 10.42 2022-12-11
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

 

cat /etc/apache2/mods-enabled/remoteip.conf
<IfModule mod_remoteip.c>
    RemoteIPHeader X-Forwarded-For

    # IP HAProxy
    RemoteIPTrustedProxy 10.X.X.1 (haproxy IP)
    RemoteIPTrustedProxy 10.X.X.2 (haproxy IP)

    # Backends locaux FCGI
    RemoteIPInternalProxy 127.0.0.1
    RemoteIPInternalProxy ::1

    # Réseaux privés utilisés par tes clients
    RemoteIPTrustedProxy 10.0.0.0/8
    RemoteIPTrustedProxy 192.168.0.0/16

</IfModule>

And in the logs we can see the error :

tail -f /var/log/apache2/error.log 
[Thu Mar 19 11:10:15.708160 2026] [remoteip:debug] [pid 513813:tid 513813] mod_remoteip.c(679): [client 10.59.41.1:51914] AH01569: RemoteIP: Header X-Forwarded-For value of 10.X.X.1 appears to be a private IP or nonsensical.  Ignored

 

Please, someone could help me? 

 

Thanks in advance,

 

    3 replies

    C
    Centreon Lord Commander
    Forum|alt.badge.img+17
    • christophe.niel
    • Centreon Lord Commander
    • March 19, 2026

    Hello

    if you want the ip to appear in the apache log, you need to change the apache log format to include %a instead of %h

    mod_remoteip - Apache HTTP Server Version 2.4 as stated here, the ip of the client is %a

     

    example of an answer here logging - Getting Apache 2.4 access logs to show client IP instead of 127.0.0.1 with Varnish using mod_remoteip - Stack Overflow, but you can find a lot of example on how to log the remote ip with apache

    this is not really a centreon issue, but a apache config, you need to find the config line with “LogFormat” and modify it, this file and line depends on what distribution you are using

    on my alma it is in /etc/httpd/conf/httpd.conf, here:

    (change all %h by %a, and reload apache)

     

    I have not tested that change

    Centreon Lord Commander - https://www.centreon.com/centreon-community/
    R
    Forum|alt.badge.img+1
    • Romain P.
    • Author
    • Steward *
    • March 19, 2026

    Hi,

     

    Thanks for your reply.

    I’ve ajusted this configuration just after enabling the remoteip mod:

    root@debian:~# grep LogFormat /etc/apache2/apache2.conf
    LogFormat "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%a %l %u %t \"%r\" %>s %O" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent

    But in the logs I still have the proxy IP adress, I’ve restarted the apache2.service multiple time after each modification.

    I’ve created a file :

    cat /usr/share/centreon/www/testip.php
     

    <?php
    #var_dump(apache_request_headers());
    echo "REMOTE_ADDR = ".$_SERVER['REMOTE_ADDR']."\r\n";
    echo "REMOTE_IP = ".$_SERVER['REMOTE_IP']."\r\n";
    echo "XFF = ".$_SERVER['HTTP_X_FORWARDED_FOR']."\r\n";
    ?>

     

     

    And the result is :  REMOTE_ADDR = HAPROXYIP REMOTE_IP =empty XFF = clientip

     

     

    C
    Centreon Lord Commander
    Forum|alt.badge.img+17
    • christophe.niel
    • Centreon Lord Commander
    • March 19, 2026

    I cannot help you more with that, but maybe  the issue is how you setup Haproxy, 

    you do not need to set the header, and maybe that’s why you don’t have the correct information

    haproxy has a directive to pass the correct header automatically :

    Add an X-Forwarded-For header | HAProxy config tutorials

    Add a Forwarded header | HAProxy config tutorials

    and maybe the issue is the way the %a is interpreted in the log option

    here is another “doc” Apache and X-Forwarded-For Header: How to log XFF using Apache | Loadbalancer where they don’t use %a but another variable, and do a bit of intelligence to log the forwarded for logs with a different syntax than non forwaded for queries

    I have setup something like that in the past with that variable “%{X-Forwarded-For}i” but that was a long time ago

    after that, you’re on your own ;)

    Centreon Lord Commander - https://www.centreon.com/centreon-community/
    Terms & ConditionsCookie settingsAccessibility statement