Forum Discussion
Che_Wang_86502
Nimbostratus
NimbostratusApache mod_status "server-status" not showing Client IP
Having some trouble when I use mod_status in Apache. When I go to /server-status, the client IP is showing the F5 load balancer IP. I am already using the "X-Forwarded-For" HTTP header in LogFormat and that is showing the ip address correctly. Wondering how I can get the client IP working with mod_status.
Thanks.
- The LTM shouldn't be inserting its IP address unless it's being told to. Do you have snat turned on? If so, then you could selectively disable it for requests going to /server-status.
Something like:when HTTP_REQUEST { if {[HTTP::uri] eq "/server-status"} { snat none } } - Although keep in mind that could have awful results if your infrastructure demands the snat be in place. I realized I should mention this as I was hitting the post button.
Test first, be cautious, don't go randomly turning of snat if you're not sure what will break.
Disclaimer Disclaimer Disclaimer. ;)
Colin 
hooleylistCirrostratus
Or could you modify log_status to parse the XFF value instead of the IP packet header? I did a quick search online but didn't find anything obvious.
Aaron- Che_Wang_86502Hi Colin,
Thanks for replying. I am not currently using any SNATs. I did create the F5 iRULE that you recommended and enabled it for that particular VIP. No change. I am still seeing the F5 load balancer VIP ip address as the client ip source in http://[hostname]/server-status. So I disabled it.
As for mod_status, I don't think there is a way to change the module to look for a different HTTP header.
Although I don't know if I'm allowed to mention another LB device, but the Netscaler incorporates an Apache module 'mod_custom_header' which is loaded into the Apache webserver to deal with this exact situation I'm trying to resolve.
I'm wondering if someone else can reproduce this result? Or have any other suggestion?
I've been a lurker for the most part, because this forum has been so useful in answering all of my questions, until I had to post my own problem that hasn't been resolved.
Thanks for your help guys.
Best,
Che - Che,
I think you need to put some extra information to get real help on this problem. If you don't use either VIP's configured SNAT or global SNAT I see no possible ways to get BIG-IP's IP address to a pool member.
So question here is following. Do you load balance through virtual server to http://hostname.pointing.ti.VIP/server-status and you have ExtendedStatus On configured on your pool member and it shows VIP's ip as client address? 
HamishCirrocumulus
The monitors will run with the source address of the F5 device itself.
So everytime your monitor runs and does a 'GET /whatever' against the poolmember, mod_status will see it and count it as a hit from the F5's IP address (Because it is). Generally even on high volume websites, the F5's IP address will be seen as one of the biggest generators of requests
H
L4L7_53191Nice one Hamish I bet you're dead on the money with this one.
-Matt
Michael_YatesIf you are running an Active/Standby Pair you will see the health checks from both devices since both have to be aware of availablity status in case of a Failover.
Dave_103774I am having the same issue. Use the F5 to proxy (and soon load balance) for a server. When I goto the /server-status page client IP shows the F5 LTM. Now to the comment about making an exception, you are probably not seeing the question correctly. /server-status shows all the client IPs of all the connections from around the world (around 50-100 reqs/min for me on a slow time) all coming from F5. Now I incorporated the remoteip module on apache and setting the F5 IP as a proxy and the X-Forwaded-For in the configuration, my /var/log/vhost_access.log is now showing the correct IP without having to use the %{X-Forwarded-For}i LogFormat. So that is all working, however for some reason the /server-status continues to show the IP address of the F5. Interesting though, every once in a while it is showing 1 or 2 IPs that are the real client IPs, but in general the reported IP is still F5.
- Hamish
Hi Dave... My first reaction would be to ask if you'd seen my comment from 2011. Even on high volume sites, a large percentage of traffic is the health checks from your BigIP's.
What's the reported URI on those clients? And as you really are using SNAT, have you checked that it's not an issue with the mod_status module and remoteip?
