I have several Cento7 machines running Apache 2.4. They are behind a load balancer. The load balancer pass X-Forwarded-For header with client IP. In order to have mod_evasive to use the real client IP, I enabled mod_remoteip.
Here is my config for mod_remoteip
RemoteIPHeader X-Forwarded-For
I can confirm it is working since I see apache logs the real client IP using this format
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
However the mod_evasive seems to still use the load balancer IP. Here is the config for mod_evasive
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir "/opt/logs/mod_evasive"
It generates log files in /opt/logs/mod_evasive, the files are still named with dos-<load balancer IP>.
How can make mod_evasive to use the real client IP?
