Logging IP’s on Apache while behind an ELB

We recently had an issue where we had to track the IP’s of the remote hosts connecting to the servers behind our Amazon elastic load balancer. In order to accomplish this we had to adjust the LOGFORMAT of the apache server to log that X-FORWARDED-FOR header that is sent by the ELB. This can vary depending on the server, but you will either need to edit your httpd.conf or apache2.conf file (often in /etc/apache2/).

Add the following to your apache config (comment out the existing settings).





First to find where to place it, you can just search out LOGFORMAT to find the existing settings. Comment the out (or delete if you want) and add the following:

LogFormat "%v:%p %{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O" common

Now restart your apache server and you should start to see the IP’s in the logs versus just the load balancer IP.

This is useful if you want to try to block or limit traffic to/from specific IP’s to the servers behind the ELB.