+
1 2 2
  1. #1
    Status
    Offline
      Rise Company
    Engineering and Technology
    Apr 2014
    Egypt
    4,656
    10

    CloudFlare Restoring visitors IP with mod_remoteip


    CloudFlare Restoring visitors IP with mod_remoteip
    How to enable mod_remoteip - Restoring visitors IP with mod_remoteip
    cpanel mod_remoteip - CloudFlare IPs still shown in netstat after mod_remoteip is enabled
    WHMCS: Troubleshooting Server IP Address Appearing in Client Logs


    Sometimes you'll have traffic come from another source such as Cloudflare, another proxy source, or a dedicated firewall. Apache offers mod_remoteip which will allow you to restore the original visitor address.

    Apache's mod_remoteip allows Apache to extract the visitor IP from requests received from proxies and load balancers. This enables your website and logs to know the actual visitor IP, rather than the connection showing the proxy or load balancer's IP. This guide will cover how to install and configure mod_remoteip.

    --------------------------------------------------
    1- whm Home Software EasyApache 4
    --------------------------------------------------




    :
    yum install ea-apache24-mod_remoteip
    --------------------------------------------------
    2- RemoteIPHeader
    --------------------------------------------------




    RemoteIPHeader should be replaced with the header used to pass the visitor IP from the proxy or load balancer. Typically,
    this will be one of the following. Note that Nginx with Reverse Proxy (ea-nginx) uses the X-Forwarded-For header.


    • X-Forwarded-For
    • X-Client-IP
    • X-Cluster-Client-IP
    • CF-Connecting-IP


    4 ,
    Nginx X-Forwarded-For
    CF-Connecting-IP



    whm
    Home Service Configuration Apache Configuration Include Editor





    pre custom
    (select all versions), and insert this code:


    nginx cloudflare


    :
    <IfModule !mod_remoteip.c>
    LoadModule remoteip_module modules/mod_remoteip.so
    </IfModule>
    
    <IfModule mod_remoteip.c>
    # CloudFlare Header
    RemoteIPHeader CF-Connecting-IP
    
    # Trusted Proxy List
    # note - using RemoteIPTrustedProxy instead of RemoteIPInternalProxy
    # note - RemoteIPTrustedProxy does NOT trust Header provided private intranet addresses (local and LAN addresses)
    # note - RemoteIPInternalProxy is a security risk when using an external Proxy
    
    # CloudFlare IPv4 Address Ranges
    RemoteIPTrustedProxy 173.245.48.0/20
    RemoteIPTrustedProxy 103.21.244.0/22
    RemoteIPTrustedProxy 103.22.200.0/22
    RemoteIPTrustedProxy 103.31.4.0/22
    RemoteIPTrustedProxy 141.101.64.0/18
    RemoteIPTrustedProxy 108.162.192.0/18
    RemoteIPTrustedProxy 190.93.240.0/20
    RemoteIPTrustedProxy 188.114.96.0/20
    RemoteIPTrustedProxy 197.234.240.0/22
    RemoteIPTrustedProxy 198.41.128.0/17
    RemoteIPTrustedProxy 162.158.0.0/15
    RemoteIPTrustedProxy 104.16.0.0/12
    RemoteIPTrustedProxy 172.64.0.0/13
    RemoteIPTrustedProxy 131.0.72.0/22
    
    # CloudFlare IPv6 Address Ranges
    RemoteIPTrustedProxy 2400:cb00::/32
    RemoteIPTrustedProxy 2606:4700::/32
    RemoteIPTrustedProxy 2803:f800::/32
    RemoteIPTrustedProxy 2405:b500::/32
    RemoteIPTrustedProxy 2405:8100::/32
    RemoteIPTrustedProxy 2a06:98c0::/29
    RemoteIPTrustedProxy 2c0f:f248::/32
    </IfModule>

    :
    nano /etc/apache2/conf.d/includes/pre_virtualhost_global.conf




    Header IP mod_remoteip.conf

    :
    nano /etc/apache2/conf.modules.d/370_mod_remoteip.conf
    370 : 360






    :
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 140.90.30.111 140.90.30.222
    ns1 ns2 space

    --------------------------------------------------
    3- Log
    --------------------------------------------------

    Log combined comon
    Home Service Configuration Apache Configuration Global Configuration



    h a
    And modify both of the LogFormat (combined, and common) by replace the "h" with an
    "a".


    :
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    :
    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%a %l %u %t \"%r\" %>s %b" common
    This format captures the header with the %h field which is the proxy address in our example.
    Because we want the originating client IP address instead of the remote IP being logged, we replace this with an %a.

    Save and restart Apache and that should handle this.


    --------------------------------------------------

    Test the configuration.


    Run the following command to check the Apache configuration. Any errors will need to be resolved before proceeding.

    :
    apachectl -t
    Restart Apache with the following command.


    :
    /scripts/restartsrv_httpd
    :
    https://support.cpanel.net/hc/en-us/...h-mod-remoteip
    https://support.cpanel.net/hc/en-us/...e-mod-remoteip
    https://httpd.apache.org/docs/2.4/mo...g.html#formats
    https://forums.cpanel.net/threads/vi...dflare.594027/
    https://www.ucartz.com/clients/index...on-cPanel.html
    https://support.cloudflare.com/hc/en...5XWe97z77b3XZV
    https://serverok.in/install-mod_remo...-cpanel-server
    https://forums.cpanel.net/threads/he...method.667129/
    https://www.vpsblocks.com.au/support...der-cloudflare
    https://support.cpanel.net/hc/en-us/...eip-is-enabled
    https://devanswers.co/get-real-clien...re-apache-php/
    https://help.whmcs.com/m/troubleshoo...in-client-logs
    ------------------------------------------------------------------------
    Rise Company for Engineering & Technology
    ------------------------------------------------------------------------
    Web Hosting | Web Designing | E-Marketing

    # 1 Business Services

    Web Hosting - Business Emails

    Web Design - Google Adwords

    www.rise.company | www.rise.company/emails

    :
    ! .



  2. #2
    Status
    Offline
      Rise Company
    Engineering and Technology
    Apr 2014
    Egypt
    4,656
    10

    : CloudFlare Restoring visitors IP with mod_remoteip

    mod_remoteip was enabled, why do I still see CloudFlare IPs when I execute "netstat"?


    The "netstat" command will review network data that your server receives. From a network standpoint, CloudFlare is connecting to your server. The data that CloudFlare sends to the webserver in headers would contain the IP that you are looking for. Apache's mod_remoteip will extract the IP from those headers and place them in your logs. As a result, you will see the real IP in logs, but not within "netstat" output.

    ---------------------------------------
    ------------------------------------------------------------------------
    Rise Company for Engineering & Technology
    ------------------------------------------------------------------------
    Web Hosting | Web Designing | E-Marketing

    # 1 Business Services

    Web Hosting - Business Emails

    Web Design - Google Adwords

    www.rise.company | www.rise.company/emails

    :
    ! .



  1. CloudFlare MP4 IPhone / IOS
    Rise Company CloudFlare
    : 0
    : 02-12-2021, 16:14
  2. : 0
    : 01-12-2021, 21:12
  3. : 0
    : 08-10-2021, 19:43
  4. Whmcs AUTO LOGOUT CloudFlare
    Rise Company Whmcs
    : 0
    : 21-12-2020, 02:03
  5. : 0
    : 16-12-2020, 00:46