Nginx or Apache2 is running behind an AWS CloudFront distribution.
Nginx or Apache2 access logs show the CloudFront distribution IP(s) instead of the client IP(s).
- Unusable access statistics with tools like awstats;
- Fail2Ban triggers false positives and bans CloudFront IP(s);
- ... (others ?)
Add some new configuration directives to Apache2 or Nginx. With these,
the web servers take the real client IP address from the X-Forwarded-For
HTTP header as it is set by CloudFront (see doc).
Apache2 (remote ip module has to be enabled):
- Copy the repository /etc/apache2/conf-available/cloudfront.conf file into your system /etc/apache2/conf-available/ directory;
- Enable the configuration file and restart apache2:

    a2enconf cloudfront
    systemctl restart apache2

Nginx (real ip module has to be enabled):
- Copy the repository /etc/nginx/conf.d/cloudfront.conf file into your system /etc/nginx/conf.d/ directory;
- Restart nginx:

    systemctl restart nginx

Finally, check your server access logs.
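
Why X-Forwarded-For should only be honoured when the connection comes from a trusted proxy, shown as an added example (not the repository's configuration): a simplified Python model of trusted-proxy resolution, run over constructed requests. The networks are RFC 5737 placeholders rather than CloudFront's ranges, and all function names are hypothetical.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation networks) standing in for
# the CloudFront edge ranges that a real trusted-proxy list would contain.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/24", "198.51.100.0/24")]

def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr parses as an IP inside one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)

def resolve_client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Address to log or ban: peer is the TCP source, xff the raw header."""
    if not is_trusted(peer, trusted):
        return peer          # header sent by an untrusted peer is ignored
    client = peer
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # The right-most entry was appended by the proxy that connected to us;
    # entries further left were supplied by the client and may be forged.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break            # malformed entry: keep the last valid address
        client = hop
        if not is_trusted(hop, trusted):
            break            # first untrusted hop is the real client
    return client

# Constructed sample requests: (TCP peer, X-Forwarded-For header)
SAMPLE_REQUESTS = [
    ("192.0.2.10", "203.0.113.7"),              # normal viewer via the CDN
    ("192.0.2.11", "10.9.9.9, 203.0.113.7"),    # viewer forged a left entry
    ("203.0.113.50", "198.51.100.1"),           # direct hit, bypassing the CDN
    ("198.51.100.5", None),                     # trusted peer, no header
]

def resolve_all(requests=SAMPLE_REQUESTS):
    """Resolve every sample request to the address that would be logged."""
    return [resolve_client_ip(peer, xff) for peer, xff in requests]

if __name__ == "__main__":
    for (peer, xff), ip in zip(SAMPLE_REQUESTS, resolve_all()):
        print(f"peer={peer:<14} xff={xff!s:<24} -> logged as {ip}")
```

In the third sample the header is ignored because the peer is not a trusted proxy, so a client that reaches the origin directly cannot choose the address that Fail2Ban or awstats will see.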