vBulletin 4 Cloud flare
vbulletin cloudflare - vbulletin IP Whitelist - disable login strike
How to get real visitor IP address in vBulletin when using CloudFlare - Reverse Proxy IP



:



.

:

config.php
whitelist

You should exclude the AdminCP from being cached with Cloudflare's (or any CDN) services.
IN order to use Cloudflare caching on the front-end
you need to set up the Proxy server information in your /core/includes/config.php.
It is this code:

:
/* #### Reverse Proxy IP ####
If your use a system where the main IP address passed to vBulletin is the address of a proxy server
and the actual 'real' ip address is passed in another http header then you enter the details here */

/* Enter your known proxy servers here. You can list multiple trusted IPs separated by a comma.
You can also use the * wildcard (at the end of a definition only) or use the keyword 'all' to represent any ip address.*/
//$config['Misc']['proxyiplist'] = '127.0.0.1, 192.168.*, all';

/* If the real IP is passed in a http header variable other than HTTP_X_FORWARDED_FOR, then you can set the name here; */
//$config['Misc']['proxyipheader'] = 'HTTP_X_FORWARDED_FOR';
For Cloudflare you should probably set it like this:

:
$config['Misc']['proxyiplist'] = 'all';
$config['Misc']['proxyipheader'] = 'HTTP_CF_CONNECTING_IP';
-------------------------------------------------------

Cloudflare and Sucuri act as a reverse proxy for sites using their service, which means that all of the visitor IPs will show as theirs. So if you are on the Who's Online page, you will see CloudFlare/Sucuri IP addresses instead of the actual visitor IPs. If you got spammers on your site, you wouldn't be able to ban their IP addresses, otherwise, you would ban the CloudFlare/Sucuri IPs.

To resolve this, vBulletin 4.2+ and 5.1.9+ have a Reverse Proxy IP feature that can be easily configured in config.php file.

Using an FTP client (e.g. FileZilla) or cPanel File Manager, navigate to the config.php file and edit it. For vB5, the file is located at <forum root directory>/core/includes/config.php. For vB4, it is located at <forum root directory>/includes/config.php.

Scroll down to the Reverse Proxy IP section. Below is a snippet of this section:

:
 /* #### Reverse Proxy IP ####
If your use a system where the main IP address passed to vBulletin is the address of a proxy server
and the actual 'real' ip address is passed in another http header then you enter the details here */

/* Enter your known proxy servers here. You can list multiple trusted IPs separated by a comma.
You can also use the * wildcard (at the end of a definition only) or use the keyword 'all' to represent any ip address.*/
//$config['Misc']['proxyiplist'] = '127.0.0.1, 192.168.*, all';

/* If the real IP is passed in a http header variable other than HTTP_X_FORWARDED_FOR, then you can set the name here; */
//$config['Misc']['proxyipheader'] = 'HTTP_X_FORWARDED_FOR';  

 
As you can see, the settings are commented out (has // in front). This means that those settings are ignored. To enable them, you have to remove the // and then change the values accordingly.

For vB5, you can use the keyword 'all' in the 'proxyiplist' setting and you don't have to enumerate all the CloudFlare/Sucuri IP addresses. You can also use IP ranges. But I prefer using the 'all' keyword so I don't have to maintain the IP list which can get updated. This is what I did here on this site.

For vB4, I believe you have to specify the list of all CloudFlare/Sucuri IP addresses. No IP ranges or 'all' keyword.




:
Since Cloudflare IP addresses (listed here ), can I put all IPV4 & IPV6 addresses in the config.php line like that?
: 108.162.192.0/18, 197.234.240.0/22, 2606:4700::/32, 2405:b500::/32 and so on?

vBulletin doesn't understand CIDR notation.
, :

:
//default configuration for Cloudflare proxy.
$config['Misc']['proxyiplist'] = '103.21.*, 103.22.*, 103.31.*, 104.16.*, 104.24.*, 108.162.*, 131.0.*, ' .
    '141.101.*, 162.158.*, 172.64.*, 173.245.*, 188.114.*, 190.93.*, 197.234.*, 198.41.*, ' .
    '2400:cb00:*, 2405:b500:*, 2405:8100:*, 2606:4700:*, 2803:f800:*, 2c0f:f248:*, 2a06:98c0:*';

$config['Misc']['proxyipheader'] = 'HTTP_CF_CONNECTING_IP';
12 /2021

Link to the Sucuri IP addresses (scroll down to vBulletin 4.2+)
https://kb.sucuri.net/firewall/Troub...g/same-user-ip

For rhe 'proxyipheader' settings, you can keep the default proxyipheader value 'HTTP_X_FORWARDED_FOR' for CloudFlare. If that doesn't work, then use 'CF-Connecting-IP'.
For Sucuri, use 'HTTP_X_SUCURI_CLIENTIP'.

To summarize:

CloudFlare (vB5): (this is what I used on this site)


:
 $config['Misc']['proxyiplist'] = 'all'; // or use the IP addresses in https://www.cloudflare.com/ips/
$config['Misc']['proxyipheader'] = 'HTTP_X_FORWARDED_FOR'; // or use 'CF-Connecting-IP'  
 
CloudFlare (vB4):


:
 $config['Misc']['proxyiplist'] = '<use the CloudFlare IP addresses>'; // IP addresses in https://www.cloudflare.com/ips/
$config['Misc']['proxyipheader'] = 'HTTP_X_FORWARDED_FOR'; // or use 'CF-Connecting-IP'  
 
Sucuri (vB5):


:
 $config['Misc']['proxyiplist'] = 'all'; // or use the IP addresses in https://kb.sucuri.net/firewall/Troubleshooting/same-user-ip (scroll down to vBulletin 4.2+)
$config['Misc']['proxyipheader'] = 'HTTP_X_SUCURI_CLIENTIP';  
 
Sucuri (vB4):

$config['Misc']['proxyiplist'] = '<use the Sucuri IP addresses>'; // IP addresses in https://kb.sucuri.net/firewall/Troub...g/same-user-ip (scroll down to vBulletin 4.2+)
$config['Misc']['proxyipheader'] = 'HTTP_X_SUCURI_CLIENTIP';

Last edited by glennrocksvb; 06-13-2017, 10:14 PM.

For those using Nginx you MUST USE http_realip_module MODULE, it's not compiled by default so you have to compile it. Then after, just add this config to your default.conf host in your website location:

### CloudFlare Proxy REAL IP ###

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;

set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;


# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;

There's no need to edit add the ip or use the proxy options in config.php. These defaults options work just well.

> https://support.cloudflare.com/hc/en...IP-with-Nginx-
> http://nginx.org/en/docs/http/ngx_ht...e.html#example
> https://www.cloudflare.com/ips/

--------------------------------------------



vBulletin 4 | Please wait 15 minutes


:
https://forum.vbulletin.com/forum/vb...udflare-issues
https://support.cloudflare.com/hc/en...al-visitor-IPs
https://support.cloudflare.com/hc/en...-Xenforo-MyBB-
https://forum.vbulletin.com/forum/vb...8-ip-whitelist
https://vbmods.rocks/blogs/vbulletin...lare-or-sucuri
https://www.cloudflare.com/ips/