Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logging clients' real IPs when using CloudFlare + Nginx + Apache

Discussion in 'General Discussion' started by M373H, Apr 21, 2015.

  1. M373H

    M373H Member

    Joined:
    Jan 18, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I understand that cPanel doesn't support neither Nginx nor CloudFlare. It would be great if anyone has went through this before and have a solution or suggestion for this problem.

    I have Nginx stands as a reverse proxy in front of Apache. I'm able to log clients' real IPs by using mod_rpaf module when using Nginx + Apache only without CloudFlare. I then decided to addCloudFlare to my server. Now CloudFlare IPs are showing instead of clients' IPs. I have the Nginx RealIP Module installed, I tried various configurations but didn't solve the problem. I then installed mod_cloudflare which is supposed to log real clients' IPs to Apache as described on CloudFlare, but that also didn't solve the problem.

    First, The working configurations for Nginx + Apache only are as follows:

    Nginx Configuration:
    Code:
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    real_ip_header X-Client-IP;
    mod_rpaf Configuration:
    Code:
    LoadModule rpaf_module /usr/local/apache/modules/mod_rpaf-2.0.so
    <IfModule mod_rpaf-2.0.c>
    RPAFenable On
    RPAFproxy_ips 127.0.0.1 #Proxy IPs
    RPAFsethostname On
    RPAFheader X-Client-IP
    </IfModule>
    Until now clients' real IPs are shown correctly.

    Second, using CloudFlare with Nginx + Apache:

    Nginx Configuration:
    Code:
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    set_real_ip_from 204.93.240.0/24;
    set_real_ip_from 204.93.177.0/24;
    set_real_ip_from 199.27.128.0/21;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    real_ip_header CF-Connecting-IP;
    mod_rpaf Configuration:
    Code:
    LoadModule rpaf_module /usr/local/apache/modules/mod_rpaf-2.0.so
    <IfModule mod_rpaf-2.0.c>
    RPAFenable On
    RPAFproxy_ips 127.0.0.1 #Proxy IPs
    RPAFsethostname On
    RPAFheader CF-Connecting-IP
    </IfModule>
    So when using CloudFlare with the above configurations, the IPs being logged belong to CloudFlare despite the configurations made.

    I tried the following combinations in Nginx and mod_rpaf configurations but there were no luck,
    Code:
    #Nginx
    real_ip_header X-Client-IP;
    real_ip_header X-Forwarded-For;
    real_ip_header X-Real-IP;
    
    #mod_rpaf
    RPAFheader X-Client-IP
    RPAFheader X-Forwarded-For
    RPAFheader X-Real-IP
    I've inserted real_ip_recursive on; in Nginx configuration. Also, inserted all CloudFlare IP ranges to the mod_rpaf configuration in a standalone try. However, all of that didn't solve the problem.

    Any reply is greatly appreciated. Thank you :)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. M373H

    M373H Member

    Joined:
    Jan 18, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I need to modify the LogFormat in Apache in order to add the X-Forwarded-For header and log clients' real IPs. I attempted to edit that in httpd.conf file but I then found two separate parts for the LogFormat. So I'm not sure if they are duplicate, whether should I remove any of them or not, and I don't know which of them to edit, or should I edit them all. I need some advice for this.

    Here is the first part:
    Code:
    <IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    
    CustomLog "logs/access_log" common
    
    <IfModule logio_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    
    </IfModule>
    The second part:
    Code:
    <IfModule mod_log_config.c>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    
    CustomLog logs/access_log common
    
    </IfModule>
    I don't know what is the difference between first and second part. I can see two lines are duplicate in the two parts. So, which part should I edit? Is it safe to remove the duplicate lines from one part and keep the other? Can I combine non-duplicated lines in one part?

    Thank you.
     
  4. M373H

    M373H Member

    Joined:
    Jan 18, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you for your reply,

    I attempted to modify the LogFormat in httpd.conf, but I found two separate parts of LogFormat that have a portion looks nearly duplicate. So, I'm not sure which to edit or should I remove the duplicate lines. I just opened a new thread for that. It would be great if you can share an advice regarding this.

    Thank you :)
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you try editing both entries in the httpd.conf file and then run the Apache distiller to see if the changes are preserved?

    Thank you.
     
  6. M373H

    M373H Member

    Joined:
    Jan 18, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator

    Thank you Michael :)

    Last thing, I made some changes to the LogFormat in httpd.conf and switched to mod_remoteip instead of mod_rpaf. Now the IPs are reporting correctly in the following file: /usr/local/apache/logs/access_log However, it still reports CloudFlare IPs in the Latest Visitors stats for any cPanel account on server.

    Here is the LogFormat after editing:
    Code:
    <IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b %{CF-Connecting-IP}i" common
    
    CustomLog "logs/access_log" combined
    
    <IfModule logio_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined
    </IfModule>
    
    </IfModule>
    
    <IfModule mod_log_config.c>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b %{CF-Connecting-IP}i" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    
    CustomLog logs/access_log common
    CustomLog logs/access_log combined
    
    </IfModule>
    Is there a log configuration file regarding the latest visitors stats? Do I need to modify the LogFormat somewhere else beside the httpd.conf file? Or is there anything missing in the above LogFormat?

    Thank you.
     
    #6 M373H, Apr 23, 2015
    Last edited: Apr 23, 2015
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    This data comes from the Apache domlogs:

    /usr/local/apache/domlogs/$username/

    Have you verified that new data written to the domlogs are showing the CloudFlare IP address?

    Thank you.
     
Loading...

Share This Page