Logging clients' real IPs when using CloudFlare + Nginx + Apache

I understand that cPanel doesn't support neither Nginx nor CloudFlare. It would be great if anyone has went through this before and have a solution or suggestion for this problem. I have Nginx stands as a reverse proxy in front of Apache. I'm able to log clients' real IPs by using mod_rpaf module when using Nginx + Apache only without CloudFlare. I then decided to addCloudFlare to my server. Now CloudFlare IPs are showing instead of clients' IPs. I have the Nginx RealIP Module installed, I tried various configurations but didn't solve the problem. I then installed mod_cloudflare which is supposed to log real clients' IPs to Apache as described on CloudFlare, but that also didn't solve the problem. First, The working configurations for Nginx + Apache only are as follows: Nginx Configuration:

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
real_ip_header X-Client-IP;

mod_rpaf Configuration:

LoadModule rpaf_module /usr/local/apache/modules/mod_rpaf-2.0.so

RPAFenable On
RPAFproxy_ips 127.0.0.1 #Proxy IPs
RPAFsethostname On
RPAFheader X-Client-IP

Until now clients' real IPs are shown correctly. Second, using CloudFlare with Nginx + Apache: Nginx Configuration:

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
real_ip_header CF-Connecting-IP;

mod_rpaf Configuration:

LoadModule rpaf_module /usr/local/apache/modules/mod_rpaf-2.0.so

RPAFenable On
RPAFproxy_ips 127.0.0.1 #Proxy IPs
RPAFsethostname On
RPAFheader CF-Connecting-IP

So when using CloudFlare with the above configurations, the IPs being logged belong to CloudFlare despite the configurations made. I tried the following combinations in Nginx and mod_rpaf configurations but there were no luck,

#Nginx
real_ip_header X-Client-IP;
real_ip_header X-Forwarded-For;
real_ip_header X-Real-IP;

#mod_rpaf
RPAFheader X-Client-IP
RPAFheader X-Forwarded-For
RPAFheader X-Real-IP

I've inserted real_ip_recursive on; in Nginx configuration. Also, inserted all CloudFlare IP ranges to the mod_rpaf configuration in a standalone try. However, all of that didn't solve the problem. Any reply is greatly appreciated. Thank you :)

cPanelMichael

April 22, 2015 19:49

Hello, I see that you have already tried most of the solutions in the following thread, but you may want to check it out again just in-case:

M373H

April 23, 2015 16:01

I need to modify the LogFormat in Apache in order to add the X-Forwarded-For header and log clients' real IPs. I attempted to edit that in httpd.conf file but I then found two separate parts for the LogFormat. So I'm not sure if they are duplicate, whether should I remove any of them or not, and I don't know which of them to edit, or should I edit them all. I need some advice for this. Here is the first part:


LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

CustomLog "logs/access_log" common


LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

The second part:


LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

CustomLog logs/access_log common

I don't know what is the difference between first and second part. I can see two lines are duplicate in the two parts. So, which part should I edit? Is it safe to remove the duplicate lines from one part and keep the other? Can I combine non-duplicated lines in one part? Thank you.

April 23, 2015 16:03

April 23, 2015 20:19

Could you try editing both entries in the httpd.conf file and then run the

April 24, 2015 00:39

Could you try editing both entries in the httpd.conf file and then run the s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined LogFormat "%h %l %u %t \"%r\" %>s %b %{CF-Connecting-IP}i" common CustomLog "logs/access_log" combined LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{CF-Connecting-IP}i" combined LogFormat "%h %l %u %t \"%r\" %>s %b %{CF-Connecting-IP}i" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog logs/access_log common CustomLog logs/access_log combined
Is there a log configuration file regarding the latest visitors stats? Do I need to modify the LogFormat somewhere else beside the httpd.conf file? Or is there anything missing in the above LogFormat? Thank you.

May 01, 2015 15:42

Is there a log configuration file regarding the latest visitors stats?

This data comes from the Apache domlogs: /usr/local/apache/domlogs/$username/ Have you verified that new data written to the domlogs are showing the CloudFlare IP address? Thank you.

Logging clients' real IPs when using CloudFlare + Nginx + Apache

Comments

Didn't find what you were looking for?