Cloudflare shows user real IP in my site but not in the logs (CF IPs getting blocked by mod_qos)

Bentok

Active Member
Jan 14, 2015
25
1
53
cPanel Access Level
Website Owner
Hello,

I have fixed users real IP by help of cpanel and this link:

But the problem is now that in the logs it still shows cloudflare IPs and when an attack happens mod_qos or evasive blocks cloudflare IPs instead of attackers IP, when disabling cloudflare then it works and shows real IPs in the logs, but not when it's under cloudflare protection.

Running this command and shows only cloudflare IPs with user connections:

netstat -plan|grep :443 |awk '{print $5}' | awk -F : '{print $(NF-1)}' | sort | uniq -c | sort -n

Wondering if there is any solution to fix that as well? appreciate the advice!

Best regards,
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,718
1,862
363
cPanel Access Level
Root Administrator
Hey there! I don't think those particular modules can detect the true IP address. I would be curious to know why you're still seeing an attack even though you're using Cloudflare, as that should be absorbing that type of traffic for you.
 

Bentok

Active Member
Jan 14, 2015
25
1
53
cPanel Access Level
Website Owner
Hey there! I don't think those particular modules can detect the true IP address. I would be curious to know why you're still seeing an attack even though you're using Cloudflare, as that should be absorbing that type of traffic for you.
Yeah it didn't help actually so I moved to sucuri instead, it's great and helping.. cloudflare just becoming worse with high prices for such protection... any way thanks for the response!

It might be Irrelevant to this topic :) , is there any way to remove or replace cloudflare IPs to sucuri IP in nginx configurations? because when I put them in server-includes nginx gives error that it's duplicate because of cloudflare ips.. if I put them in cloudflare.conf then it resets.. so wondering if there is a settings there to fix this issue.. shouldn't cloudflare config placed in /etc/nginx/conf.d/includes_optional/cpanel-proxy-vendors/...

So user adds them by themselves or replace it with other IPs etc... that's really annoying... or is it any other way to fix it? really appreciate the advice! (currently, client IP shows only servers IP, I tried all sucuri's documentation for apache, but the problem here might be nginx as well...)
 

Bentok

Active Member
Jan 14, 2015
25
1
53
cPanel Access Level
Website Owner
I know, but because nginx is a reserve proxy, so the IP need to be added in nginx, but because of cloudflare IP is there so I can't add my other ips such as sucuri... it says it's duplicate.. that's the issue that cpanel added cloudflare IP to the server block by default.. not all users need cloudflare IPs.. so that's my issue for now. I don't need that inside the server block, if it was a customisation or some graphical on/off button for cloudflare that would be great so user can add their own IPs or cloudflare IPs.

I have moved some of my sites to plesk now, they are more customized than cpanel.