
Enable Mod_RemoteIP – See Visitors’ Real IP address when using Cloudflare & Apache

If you are using Cloudflare on your Apache High Availability Server you will always see Cloudflare IPs in your logs and not the actual IP of the customer. It’s useful to know your visitor’s IP address to determine things like location. It’s also a good tool to help limit fraud. We’re going to enable Mod_RemoteIP and edit the default Apache configuration to restore your visitor’s true IP address when using Cloudflare.

Enable Mod_RemoteIP

Mod_RemoteIP is required for us to see our visitor’s real IP address. Enable it in the console with the following command.

a2enmod remoteip

Edit Virtual Host

Your virtual host configuration will be located in the /etc/apache2/sites-available/ folder. Open up the virtual host in a text editor like Nano or vi. Add the RemoteIPHeader CF-Connecting-IP to the virtual host.

nano /etc/apache2/sites-available/f2h.cloud

<VirtualHost *:443>
       ServerAdmin webmaster@localhost
       ServerName f2h.cloud
       ServerAlias www.f2h.cloud
       RemoteIPHeader CF-Connecting-IP

Update Apache Configuration

So next we need to make some changes to the default Apache configuration. We need to change the Combined log to log visitors’ real IP addresses. Open up the /etc/apache2/apache2.conf file in your NVMe VPS and search for the combined log.

nano /etc/apache2/apache2.conf

Search for LogFormat by using Ctrl + W.

Change the following line:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

to

LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

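You just need to change the first %h (the remote hostname) to %a (the client IP address of the request, which Mod_RemoteIP sets from the header). Save and close the file.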

Define Cloudflare IPs

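Finally, before we enable Mod_RemoteIP we need to tell Apache which IPs belong to Cloudflare. Create the file /etc/apache2/conf-available/remoteip.conf and copy in the list of IPs below. Apache only accepts the CF-Connecting-IP header from connections that come from these ranges, so the list needs to stay current. These IPs were correct at the time of writing this article; to double-check them, compare them against the list of IP ranges that Cloudflare publishes.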

nano /etc/apache2/conf-available/remoteip.conf

RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/13
RemoteIPTrustedProxy 104.24.0.0/14
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
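
The script below is an added example, not part of the original article or of Apache or Cloudflare tooling. It audits a remoteip.conf against a published range list and models, in simplified form, which address %a logs depending on whether the connecting peer is a trusted proxy. The sample config, the reference list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a shortened remoteip.conf. 192.0.2.0/24 is a documentation
# range added here to stand in for an entry that is no longer published.
SAMPLE_CONF = """\
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22 104.16.0.0/13
RemoteIPTrustedProxy 192.0.2.0/24
"""
# Constructed stand-in for a freshly downloaded list; not authoritative.
SAMPLE_PUBLISHED = ["173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13", "172.64.0.0/13"]


def trusted_networks(conf_text):
    """Networks named on RemoteIPTrustedProxy lines (hostname arguments are not handled)."""
    nets = []
    for line in conf_text.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == "remoteiptrustedproxy":
            # ip_network() raises ValueError on a malformed CIDR or stray host bits.
            nets.extend(ipaddress.ip_network(arg) for arg in parts[1:])
    return nets


def audit(conf_text, published):
    """Return (missing, stale): ranges to add to the file and ranges to remove from it."""
    configured = set(trusted_networks(conf_text))
    reference = {ipaddress.ip_network(cidr) for cidr in published}
    return sorted(reference - configured, key=str), sorted(configured - reference, key=str)


def logged_ip(peer, cf_connecting_ip, nets):
    """Simplified model of %a: the header is used only when the peer is a trusted proxy."""
    peer_ip = ipaddress.ip_address(peer)
    if not cf_connecting_ip or not any(peer_ip in net for net in nets):
        return peer
    try:
        return str(ipaddress.ip_address(cf_connecting_ip))
    except ValueError:
        return peer  # unparsable header value: keep the connection address


if __name__ == "__main__":
    missing, stale = audit(SAMPLE_CONF, SAMPLE_PUBLISHED)
    print("add:", [str(n) for n in missing], "remove:", [str(n) for n in stale])
    nets = trusted_networks(SAMPLE_CONF)
    print(logged_ip("173.245.48.10", "203.0.113.7", nets))  # peer inside a trusted range
    print(logged_ip("198.51.100.9", "203.0.113.7", nets))   # peer outside every range
```

A missing range means visitors arriving through that part of Cloudflare are logged with Cloudflare's address; a stale range means the header is still trusted from addresses that are no longer on the published list.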

Restart Services

OK. Bring up the new configuration with the commands below. Always use the RELOAD function before using the RESTART function. If any errors are detected, this will prevent Apache from crashing.

a2enconf remoteip
apache2ctl configtest
systemctl restart apache2

Great. You will now see your visitor’s real IP address and not Cloudflare’s IPs in your logs. Mod_RemoteIP is a great tool that succeeded mod_cloudflare.
