Introduction
Traffic sometimes reaches the server through a proxy, such as Cloudflare or Nginx, and the Apache logs then record the proxy's address as the client IP address instead of the original visitor's IP address. Apache's mod_remoteip module allows you to restore the original visitor's IP address.
Procedure
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Install the ea-apache24-mod_remoteip package.
  - CentOS 7 or CloudLinux 7
    yum install ea-apache24-mod_remoteip
  - CloudLinux 8/9, AlmaLinux 8/9, or Rocky Linux 8/9
    dnf install ea-apache24-mod_remoteip
  - Ubuntu
    apt install ea-apache24-mod_remoteip
- Open /etc/apache2/conf.modules.d/370_mod_remoteip.conf in your preferred text editor.
- Add the following line below the LoadModule line.
  RemoteIPHeader X-Forwarded-For
- Add entries for the proxy IP addresses.
  - For remote IP addresses, use RemoteIPTrustedProxy.
    RemoteIPTrustedProxy 203.0.113.2
  - For local IP addresses, use RemoteIPInternalProxy.
    RemoteIPInternalProxy 192.0.2.2
- Save the changes and exit the text editor.
- Log into WHM as the 'root' user.
- Navigate to "Home / Service Configuration / Apache Configuration / Global Configuration."
- Scroll down to the "LogFormat (combined)" option.
- Select the textbox.
- Replace the default text with the following.
%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
- Select the textbox for the "LogFormat (common)" option.
- Replace the default text with the following.
%a %l %u %t \"%r\" %>s %b
- Scroll to the bottom of the page.
- Click the "Save" button.
- Click the "Rebuild Configuration and Restart Apache" button.
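The proxy entries added to 370_mod_remoteip.conf decide whose X-Forwarded-For value Apache believes, so a header sent by a host that is not listed is ignored. The following added example (not part of the original article and not Apache's own code) is a simplified Python model of how mod_remoteip is documented to walk the header from right to left. The proxy addresses come from the steps above; the visitor addresses and the function name resolve_client are constructed for illustration.

```python
import ipaddress

# Proxy addresses from the RemoteIPTrustedProxy / RemoteIPInternalProxy steps above.
TRUSTED = [ipaddress.ip_network("203.0.113.2/32")]
INTERNAL = [ipaddress.ip_network("192.0.2.2/32")]
# IPv4 blocks that a RemoteIPTrustedProxy is not allowed to vouch for.
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def _in(addr, nets):
    return any(addr in net for net in nets)


def resolve_client(peer, xff):
    """Model of the client address mod_remoteip settles on (hypothetical helper).

    peer: address of the TCP connection; xff: X-Forwarded-For header value.
    """
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    while hops:
        internal = _in(current, INTERNAL)
        if not (internal or _in(current, TRUSTED)):
            break  # current hop is not a listed proxy: its header is not believed
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: keep the last address that was accepted
        if not internal and _in(candidate, PRIVATE):
            break  # a trusted (remote) proxy cannot assert a private address
        current = candidate
        hops.pop()  # move one entry to the left
    return str(current)
```

If a request that arrives directly from a visitor shows the header's value in the access log, the proxy list is too broad or missing.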