كلاود فلير CloudFlare حل مشكلة Restoring visitors IP with mod_remoteip

**Rise Company** · 21-12-2021, 09:19

كلاود فلير CloudFlare حل مشكلة Restoring visitors IP with mod_remoteip
How to enable mod_remoteip - Restoring visitors IP with mod_remoteip
cpanel mod_remoteip - CloudFlare IPs still shown in netstat after mod_remoteip is enabled
WHMCS: Troubleshooting Server IP Address Appearing in Client Logs

Sometimes you'll have traffic come from another source such as Cloudflare, another proxy source, or a dedicated firewall. Apache offers mod_remoteip which will allow you to restore the original visitor address.

Apache's mod_remoteip allows Apache to extract the visitor IP from requests received from proxies and load balancers. This enables your website and logs to know the actual visitor IP, rather than the connection showing the proxy or load balancer's IP. This guide will cover how to install and configure mod_remoteip.

--------------------------------------------------
1- قم بتثبيت من داخل whm من المسار Home »Software »EasyApache 4
--------------------------------------------------

او من الامر

كود:

yum install ea-apache24-mod_remoteip

--------------------------------------------------
2- وضع RemoteIPHeader التى تعرف الايبيهات للزوار
--------------------------------------------------
هناك طريقتين اختر الاسهل لك

الطريقة الاولى

RemoteIPHeader should be replaced with the header used to pass the visitor IP from the proxy or load balancer. Typically,
this will be one of the following. Note that Nginx with Reverse Proxy (ea-nginx) uses the X-Forwarded-For header.

X-Forwarded-For
X-Client-IP
X-Cluster-Client-IP
CF-Connecting-IP

هناك 4 انواع كما فى الاعلى ظاهر , اختر واحد منهم
اما Nginx هو الاول X-Forwarded-For
الكلاود فلير هو الاخير CF-Connecting-IP

هناك ملفين يمكنك الاختيار اى واحد منهم لوضع القيم المطلوبة

من خلال whm من المسار
Home »Service Configuration »Apache Configuration »Include Editor

هذا الملف pre فاضى بداخله كانه custom مخصص لك
(select all versions), and insert this code:

الكود يختلف اما nginx او كلاود فلير cloudflare
ضع المناسب لك

كود:

<IfModule !mod_remoteip.c>
LoadModule remoteip_module modules/mod_remoteip.so
</IfModule>

<IfModule mod_remoteip.c>
# CloudFlare Header
RemoteIPHeader CF-Connecting-IP

# Trusted Proxy List
# note - using RemoteIPTrustedProxy instead of RemoteIPInternalProxy
# note - RemoteIPTrustedProxy does NOT trust Header provided private intranet addresses (local and LAN addresses)
# note - RemoteIPInternalProxy is a security risk when using an external Proxy

# CloudFlare IPv4 Address Ranges
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22

# CloudFlare IPv6 Address Ranges
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32
</IfModule>

من خلال هذا الامر يمكنك ايضا عمل ذلك

كود:

nano /etc/apache2/conf.d/includes/pre_virtualhost_global.conf

الطريقة الثانية
ننصح بها سهلة
وضع كود Header و IP فى ملف اخر داخل mod_remoteip.conf

كود:

nano /etc/apache2/conf.modules.d/370_mod_remoteip.conf

الرقم بالاحمر 370 رقم قد يختلف من سيرفر الى اخر مثلا : 360
عند فتح الملف هيكون به سطرين اسفله ضع الكود المطلوب

كود:

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 140.90.30.111 140.90.30.222

هنا يتم وضع اي بي السيرفر ns1 و ns2 والفاصل بينهم مسافة space

--------------------------------------------------
3- اظهار الاى بى فى ملفات اللوج Log
--------------------------------------------------

هناك نوعين من Log الاول هو combined و الاخر comon اذهب الى المسار
Home » Service Configuration » Apache Configuration » Global Configuration

وقم بازالة حرف h وضع مكانها حرف a
And modify both of the LogFormat (combined, and common) by replace the "h" with an
"a".

من

كود:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

الى

كود:

LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %b" common

This format captures the header with the %h field which is the proxy address in our example.
Because we want the originating client IP address instead of the remote IP being logged, we replace this with an %a.

Save and restart Apache and that should handle this.

--------------------------------------------------

Test the configuration.

Run the following command to check the Apache configuration. Any errors will need to be resolved before proceeding.

كود: