Zimbra Webclient behind Apache Reverse Proxy

[mircevski]

Hi,

I have the following situation:

Zimbra FOSS edition behind an Apache Reverse Proxy.

For accesing the mailboxes, users can either use a mail client like Outlook/Thunderbird/etc. or the Webmail client.

For accesing with a mail client I've setup some port redirect rules for 25,110,143,993,995 ports, so every client can be seen by Zimbra Server with its originating ip. The originating IP goes into the logs.

For the webclient, in the logs I can see only the ip of the Reverse Proxy.

How can I configure Zimbra so that it will log the originating ip of the user and not the proxy ip???

I mention that the Apache Reverse Proxy is setup to forward the originating ip. I've tested this with my webserver that it is also behind the same reverse proxy.

Thanks a lot

Mircea

[jummo]

mod_rpaf can set the remote_addr of incoming clients connection to the vaule of X-Forwarded-For for a reverse proxy connection.

[mircevski]

As I said before, I have another web server (apache) with no mod_rpaf enabled which logs the originating ip just by using this line

CustomLog /var/log/httpd/www-access.log "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""

Notice the %{X-Forwarded-For}i ... this should be enough for zimbra, but from what I understand, Zimbra uses Apache Tomcat to generate it's webmail client so there should be a diferent kind of directive.

Maybe I'm wrong somwhere ... please help

[jummo]

I think it's better to get the Apache to set remote_addr to the originating ip than edit some files in the Zimbra distribution to get Jetty (or whatever) to log X-Forwarded-For instead of remote_addr. You need to edit the files again every time you upgrade the Zimbra distribution.

Zimbra 6.0.X use Jetty as application server.