How to restore visitors IP with mod_remoteip

Introduction

You will sometimes have traffic come from a proxy source, such as Cloudflare or Nginx source, and the Apache logs will record the proxy source as the client IP address instead of the original visitor's IP address. Apache's mod_remoteip module allows you to restore the original visitor's IP address.

Procedure

1. Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
2. Install the ea-apache24-mod_remoteip package.
   • CentOS 7 or CloudLinux 7

     yum install ea-apache24-mod_remoteip

   • CloudLinux 8/9, AlmaLinux 8/9, or Rocky Linux 8/9

     dnf install ea-apache24-mod_remoteip

   • Ubuntu

     apt install ea-apache24-mod_remoteip

3. Open /etc/apache2/conf.modules.d/370_mod_remoteip.conf in your preferred text editor.
4. Add the following line below the LoadModule line.

   RemoteIPHeader X-Forwarded-For

5. Add entries for the proxy IP addresses.
   • For remote IP addresses, use RemoteIPTrustedProxy.

     RemoteIPTrustedProxy 203.0.113.2

   • For local IP addresses, use RemoteIPInternalProxy.

     RemoteIPInternalProxy 192.0.2.2

   Please note that IP address ranges may be added using CIDR notation.
6. Save the changes and exit the text editor.
7. Log into WHM as the 'root' user.
8. Navigate to "Home / Service Configuration / Apache Configuration / Global Configuration."
9. Scroll down to the "LogFormat (combined)" option.
10. Select the textbox.
11. Replace the default text with the following.

    %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"

12. Select the textbox for the "LogFormat (common)" option.
13. Replace the default text with the following.

    %a %l %u %t \"%r\" %>s %b

14. Scroll to the bottom of the page.
15. Click the "Save" button.
16. Click the "Rebuild Configuration and Restart Apache" button.

Additional resources

Apache Module mod_remoteip

CloudFlare IP Ranges

Apache Configuration: Global Configuration