Introduction
Sometimes you'll have traffic come from another source such as Cloudflare, another proxy source, or a dedicated firewall. Apache offers mod_remoteip which will allow you to restore the original visitor address.
Per the Apache documentation:
It is critical to only enable this behavior from intermediate hosts (proxies, etc) which are trusted by this server, since it is trivial for the remote useragent to impersonate another useragent.
Procedure
1. Install this via yum or through EasyApache and search for ea-apache24-mod_remoteip.
yum install ea-apache24-mod_remoteip
2. Modify the configuration file for mod_remoteip after installing.
nano /etc/apache2/conf.modules.d/370_mod_remoteip.conf
3. Within this file, you need to configure the address you need to proxy. The contents of the remoteip.conf file will represent your proxy server, if this is using an internal network, you'll use RemoteIPInternalProxy instead of RemoteIPTrustedProxy.
Ensure all directives are placed below the LoadModule remoteip_module line in the configuration.
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.168.1.51
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 192.168.1.51
If there are additional addresses you need to add, you can do this by adding them one after the other.
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.168.1.51 10.10.10.20
If you are using CloudFlare, the following example can be used, however, for the most up to date list of IPs, you should compare with CloudFlare: (Verified as of February 15th 2023)
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 104.16.0.0/13
RemoteIPTrustedProxy 104.24.0.0/14
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32
4. Once that has been done, you'll need to go to "WHM Home » Service Configuration » Apache Configuration » Global Configuration" and modify both of the LogFormat options, combined and common by replacing the "h" with an "a".
%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
This format captures the header with the %h field which is the proxy address in our example. Because we want the originating client IP address instead of the remote IP being logged, we replace this with an %a.
"%a %l %u %t \"%r\" %>s %b \"%{Referer}i\ \"%{User-Agent}i\"
5. Save and restart Apache to apply the new configuration.
/scripts/restartsrv_httpd