The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logging clients' real IPs when using CloudFlare + Nginx + Apache

Discussion in 'General Discussion' started by M373H, Apr 21, 2015.

  1. M373H

    M373H Member

    Joined:
    Jan 18, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I understand that cPanel doesn't support neither Nginx nor CloudFlare. It would be great if anyone has went through this before and have a solution or suggestion for this problem.

    I have Nginx stands as a reverse proxy in front of Apache. I'm able to log clients' real IPs by using mod_rpaf module when using Nginx + Apache only without CloudFlare. I then decided to addCloudFlare to my server. Now CloudFlare IPs are showing instead of clients' IPs. I have the Nginx RealIP Module installed, I tried various configurations but didn't solve the problem. I then installed mod_cloudflare which is supposed to log real clients' IPs to Apache as described on CloudFlare, but that also didn't solve the problem.

    First, The working configurations for Nginx + Apache only are as follows:

    Nginx Configuration:
    Code:
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    real_ip_header X-Client-IP;
    mod_rpaf Configuration:
    Code:
    LoadModule rpaf_module /usr/local/apache/modules/mod_rpaf-2.0.so
    <IfModule mod_rpaf-2.0.c>
    RPAFenable On
    RPAFproxy_ips 127.0.0.1 #Proxy IPs
    RPAFsethostname On
    RPAFheader X-Client-IP
    </IfModule>
    Until now clients' real IPs are shown correctly.

    Second, using CloudFlare with Nginx + Apache:

    Nginx Configuration:
    Code:
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    set_real_ip_from 204.93.240.0/24;
    set_real_ip_from 204.93.177.0/24;
    set_real_ip_from 199.27.128.0/21;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    real_ip_header CF-Connecting-IP;
    mod_rpaf Configuration:
    Code:
    LoadModule rpaf_module /usr/local/apache/modules/mod_rpaf-2.0.so
    <IfModule mod_rpaf-2.0.c>
    RPAFenable On
    RPAFproxy_ips 127.0.0.1 #Proxy IPs
    RPAFsethostname On
    RPAFheader CF-Connecting-IP
    </IfModule>
    So when using CloudFlare with the above configurations, the IPs being logged belong to CloudFlare despite the configurations made.

    I tried the following combinations in Nginx and mod_rpaf configurations but there were no luck,
    Code:
    #Nginx
    real_ip_header X-Client-IP;
    real_ip_header X-Forwarded-For;
    real_ip_header X-Real-IP;
    
    #mod_rpaf
    RPAFheader X-Client-IP
    RPAFheader X-Forwarded-For
    RPAFheader X-Real-IP
    I've inserted real_ip_recursive on; in Nginx configuration. Also, inserted all CloudFlare IP ranges to the mod_rpaf configuration in a standalone try. However, all of that didn't solve the problem.

    Any reply is greatly appreciated. Thank you :)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. M373H

    M373H Member

    Joined:
    Jan 18, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I need to modify the LogFormat in Apache in order to add the X-Forwarded-For header and log clients' real IPs. I attempted to edit that in httpd.conf file but I then found two separate parts for the LogFormat. So I'm not sure if they are duplicate, whether should I remove any of them or not, and I don't know which of them to edit, or should I edit them all. I need some advice for this.

    Here is the first part:
    Code:
    <IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    
    CustomLog "logs/access_log" common
    
    <IfModule logio_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    
    </IfModule>
    The second part:
    Code:
    <IfModule mod_log_config.c>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    
    CustomLog logs/access_log common
    
    </IfModule>
    I don't know what is the difference between first and second part. I can see two lines are duplicate in the two parts. So, which part should I edit? Is it safe to remove the duplicate lines from one part and keep the other? Can I combine non-duplicated lines in one part?

    Thank you.
     
  4. M373H

    M373H Member

    Joined:
    Jan 18, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you for your reply,

    I attempted to modify the LogFormat in httpd.conf, but I found two separate parts of LogFormat that have a portion looks nearly duplicate. So, I'm not sure which to edit or should I remove the duplicate lines. I just opened a new thread for that. It would be great if you can share an advice regarding this.

    Thank you :)
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  6. M373H

    M373H Member

    Joined:
    Jan 18, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator

    Thank you Michael :)

    Last thing, I made some changes to the LogFormat in httpd.conf and switched to mod_remoteip instead of mod_rpaf. Now the IPs are reporting correctly in the following file: /usr/local/apache/logs/access_log However, it still reports CloudFlare IPs in the Latest Visitors stats for any cPanel account on server.

    Here is the LogFormat after editing:
    Code:
    <IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b %{CF-Connecting-IP}i" common
    
    CustomLog "logs/access_log" combined
    
    <IfModule logio_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined
    </IfModule>
    
    </IfModule>
    
    <IfModule mod_log_config.c>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b %{CF-Connecting-IP}i" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    
    CustomLog logs/access_log common
    CustomLog logs/access_log combined
    
    </IfModule>
    Is there a log configuration file regarding the latest visitors stats? Do I need to modify the LogFormat somewhere else beside the httpd.conf file? Or is there anything missing in the above LogFormat?

    Thank you.
     
    #6 M373H, Apr 23, 2015
    Last edited: Apr 23, 2015
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This data comes from the Apache domlogs:

    /usr/local/apache/domlogs/$username/

    Have you verified that new data written to the domlogs are showing the CloudFlare IP address?

    Thank you.
     
Loading...

Share This Page