Cloud WAF (formerly Incapsula) is deployed as a reverse proxy in front of your Joomla application. This means that all traffic coming to your site through Cloud WAF will be seen as coming from one of Imperva IPs.
In order to make sure that your Apache logs get the correct user IP you can use the following Apache module. This module will make sure that any reference to the user IP in your Apache will use the correct IP address.
mod_rpaf doesn't support IP Ranges, so it is no use for incapsula.
Why can't Incapsula provide a module similar to mod_cloudflare?
Solution here: http://support.incapsula.com/entries/22227367-solution-get-visitor-s-real-ips-on-your-dedicated-server-or-vps
thats not helpful at all. whats the config file for this apache module ? its actually impossible to use this method as you need to type in all 1000 or so incapsula ips into the module config file.
have you even bothered to test it out before posting it up ? obviously not.
@theplanetbeat -
Apologize for the late response.
Since the x-forwarded-for header that is sent from Incapsula contains only the end-user IP address, there is no need to add the Incapsula IPs to the module (these are added when the field contains a few addresses, and thus has to know which ones to disregard).
solution to the problem on centos 6
yum install mod_extract_forwarded
then open the /etc/httpd/conf.d/mod_extract_forwarded.conf
add the line MEFaccept all
restart the server
Mod_rpaf was not working in one server, then I found this article: http://knowledgevoid.com/blog/2012/01/13/logging-the-correct-ip-address-using-apache-2-2-x-and-amazons-elastic-load-balancer/
xxxx's solution worked, I had to download the package, (cloudlinux)
http://rpmfind.net//linux/RPM/epel/6/x86_64/mod_extract_forwarded-2.0.2-8.el6.x86_64.html