## To activate mod_removeip, do: -- Apache 1.33 cp /usr/share/doc/libapache-mod-removeip/examples/mod_removeip.conf /etc/apache{-VERSION}/conf.d/ and restart apache -- Apache2 a2enmod removeip && /etc/init.d/apache2 force-reload ## Some details about mod_removeip and web apps/access restrictions: Most of all, it means that any IP address based access restriction or other security measures based on diversity (and possibly non-predictability) of IP addresses implemented on the web application layer will no longer provide any security. This may allow for easier circumvention of applications' security measures (which may include additional authentication tokens besides IP addresses, such as session IDs or login credentials). It should also be noted that applications which base some or all of their functionality on an expected diversity of IP addresses, such as an access log analyzer which provides statistics per IP address, will loose some or all of their functionality. Fortunately, libapache2-mod-removeip does _not_ cause apache to grant everyone access to access restricted areas based on "Allow/Deny from" directives. As such, it does, for example, not change whom is able to access http://some.host/server-status .