7/9/09

Using Apache allow/deny with a load balancer forwarding the client's IP as X-Forwarded-For

In this example, I have an HAProxy load balancer set up, and it's forwarding the client's IP so you see that instead of the load balancer's address in the log files.

The forwarded address is logged by changing the log format to:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Where you substitute %{X-Forwarded-For}i for %h (the remote host).

In order for Apache to use this value to allow/deny people, you need to set it like the following:

SetEnvIfNoCase ^X-Forwarded-For ^1\.2\.3\.4 officeip


Order deny,allow
Deny from all
Allow from env=officeip
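
Added example (not from the original post): a small Python check of which X-Forwarded-For values set officeip under the pattern above, next to a hypothetical pattern that accepts only the last list entry in full. It assumes the balancer appends its own X-Forwarded-For line after any the request already carried, that Apache joins repeated lines with ", ", and that Apache is reachable only through the balancer; the sample addresses and the names LAST_HOP_PATTERN, merged_header, sets_officeip and audit are constructed for illustration.

```python
import re

# The value pattern from the SetEnvIfNoCase line above (no end anchor).
PAGE_PATTERN = r"^1\.2\.3\.4"
# Hypothetical tighter pattern: only the last list entry, matched in full.
LAST_HOP_PATTERN = r"(^|,\s*)1\.2\.3\.4$"


def merged_header(values):
    """Join repeated X-Forwarded-For lines into one value (assumed Apache behaviour)."""
    return ", ".join(values)


def sets_officeip(pattern, header_value):
    """SetEnvIfNoCase semantics: case-insensitive, unanchored regex search."""
    return re.search(pattern, header_value, re.IGNORECASE) is not None


# Constructed samples: (description, X-Forwarded-For lines as they reach Apache).
# The final line in each list is the one appended by the load balancer.
SAMPLES = [
    ("office client", ["1.2.3.4"]),
    ("neighbouring address", ["1.2.3.40"]),
    ("header already present before the balancer line", ["1.2.3.4", "203.0.113.9"]),
    ("office client behind an upstream proxy", ["10.0.0.7", "1.2.3.4"]),
]


def audit(pattern):
    """Return {description: True if officeip would be set} for every sample."""
    return {desc: sets_officeip(pattern, merged_header(vals)) for desc, vals in SAMPLES}


if __name__ == "__main__":
    for name, pattern in (("page", PAGE_PATTERN), ("last-hop", LAST_HOP_PATTERN)):
        print(name, pattern)
        for desc, allowed in audit(pattern).items():
            print(f"  {'ALLOW' if allowed else 'deny '}  {desc}")
```

The last-hop pattern contains no literal whitespace, so it can be used as the value regex of the SetEnvIfNoCase line unchanged.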