
mod_cloudflare vs mod_remoteip

Comments

12 comments

  • vacancy
    There is no difference. The work done in the mod_remoteip and mod_cloudflare extensions is to execute the function X-Forwarded-For. You can choose any.
    0
  • caisc
    @vacancy Thanks for the update. I have EasyApache4 with CloudLinux 7 on the server. I ran EasyApache and installed mod_remoteip on the server.

        root@server [~]# httpd -M | grep remoteip
         remoteip_module (shared)
        root@server [~]#

    Now do I need to put some extra configuration in this file at location /etc/apache2/conf.modules.d/360_mod_remoteip.conf, like:

        RemoteIPHeader X-Real-IP
        RemoteIPInternalProxy SERVER_IP_ADDRESS

    (Replace the SERVER_IP_ADDRESS with your server IP address.) Thanks
    0
  • vacancy
    One last step is needed. Apache configuration > Include editor > Pre main Include / All versions. The following code should be added:

        RemoteIPHeader X-Forwarded-For
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent
        LogFormat "%a %l %u %t \"%r\" %>s %b" common
        LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        CustomLog logs/access_log combined
    0
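As an added illustration (not code from this thread, from Apache or from cPanel), the following Python model shows how mod_remoteip walks X-Forwarded-For from right to left to decide what Apache logs as %a, and why the RemoteIPHeader line above should be paired with a RemoteIPInternalProxy/RemoteIPTrustedProxy list. The 198.51.100.0/24 proxy range and the visitor addresses are constructed placeholders, not Cloudflare's ranges, and the "no proxy list means every peer is trusted" rule is this model's reading of mod_remoteip's behaviour.

```python
import ipaddress

# Constructed sample values: a stand-in for the reverse-proxy range you would
# list in RemoteIPInternalProxy/RemoteIPTrustedProxy, a real visitor, and a
# client that connects to the web server directly, bypassing the proxy.
PROXY_RANGE = "198.51.100.0/24"
VISITOR = "203.0.113.7"
DIRECT_CLIENT = "192.0.2.9"


def resolve_client_ip(peer_ip, xff_header, trusted_proxies=()):
    """Model of mod_remoteip's right-to-left walk over RemoteIPHeader.

    peer_ip is the TCP peer (what netstat, iptables and CSF see); the
    returned address is what Apache logs as %a and what mod_security sees.
    Returns (client_ip, stripped_proxy_hops).
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr):
        # Assumption of this model: with no proxy list configured every peer
        # is trusted, so a bare "RemoteIPHeader X-Forwarded-For" lets a direct
        # client choose the address that ends up in the access log.
        return not nets or any(addr in net for net in nets)

    client = ipaddress.ip_address(peer_ip)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    stripped = []
    while hops and is_trusted(client):
        try:
            next_hop = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # malformed entry: stop and keep the last good address
        stripped.append(str(client))
        client = next_hop
    return str(client), stripped


def demo():
    return {
        # Visitor behind the proxy: the proxy hop is stripped, visitor logged.
        "via_proxy": resolve_client_ip("198.51.100.20", VISITOR, [PROXY_RANGE]),
        # Two trusted hops are stripped before the visitor is reached.
        "proxy_chain": resolve_client_ip("198.51.100.20", f"{VISITOR}, 198.51.100.21", [PROXY_RANGE]),
        # Direct client presenting a header: untrusted peer, header ignored.
        "direct_with_list": resolve_client_ip(DIRECT_CLIENT, VISITOR, [PROXY_RANGE]),
        # Same header, but no proxy list configured: the header wins.
        "direct_no_list": resolve_client_ip(DIRECT_CLIENT, VISITOR),
    }


if __name__ == "__main__":
    for case, (logged, hops) in demo().items():
        print(f"{case:18} %a={logged:15} stripped={hops}")
```

In every case the first argument is still the address the kernel and CSF see, which is the point made later in the thread: the header only changes what the web server logs, not what iptables can block.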
  • caisc
    Thanks, completed the last step as mentioned and restarted Apache. Now the real abusing IPs hidden behind Cloudflare will be logged and will be blocked in the CSF firewall as per the rules defined in the CSF firewall and mod_security rules. Right?
    0
  • vacancy
    No. CSF and similar software read netstat data. The X-Forwarded-For function is only valid for traffic to the web server. mod_evasive can do it.
    0
  • caisc
    So this will only log the real IP of the user who accesses the site hosted on my server via Cloudflare or any other proxy network. Please confirm.
    0
  • vacancy
    Yes. CSF and similar firewalls that you use will operate according to the Unix netstat data. The X-Forwarded-For module is not a Unix core module, but a web server module.
    0
  • cPanelMichael
    Hello, it looks like this topic is now solved. Let us know if you have any additional questions. Thank you.
    0
  • rogerw
    What was the solution? How can we pass the X-Forwarded-For to CSF?
    0
  • cPanelMichael
    What was the solution? How can we pass the X-Forwarded-For to CSF?

    Hello @rogerw, it's not supported. Here's the quote from earlier in this thread that answers this question:
    Yes. CSF and similar firewalls that you use will operate according to the Unix netstat data. The X-Forwarded-For module is not a Unix core module, but a web server module.

    Thank you.
    0
  • linuxman1
    What was the solution? How can we pass the X-Forwarded-For to CSF?

    Yes you can, CSF LF_MODSEC will read mod_security logs from Apache and can block attacking IP addresses via iptables when you use mod_remoteip. BUT, this will not help at all when you use CloudFlare! I had to search for more than one hour to find a good solution for this issue but couldn't, so I have to disable CloudFlare so I can benefit from CSF and mod_security blocking. Take this snippet from the CSF docs and you will understand the issue.

    --------------------
    CloudFlare

    This feature provides interaction with the CloudFlare Firewall

    As CloudFlare is a reverse proxy, any attacking IP addresses (so far as iptables is concerned) come from the CloudFlare IPs. To counter this, an Apache module (mod_cloudflare) is available that obtains the true attacker's IP from a custom HTTP header record (similar functionality is available for other HTTP daemons)

    However, despite now knowing the true attacking IP address, iptables cannot be used to block that IP as the traffic is still coming from the CloudFlare servers

    CloudFlare have provided a Firewall feature within the user account where rules can be added to block, challenge or whitelist IP addresses

    Using the CloudFlare API, this feature adds and removes attacking IPs from that firewall and provides CLI (and via the UI) additional commands

    See /etc/csf/readme.txt for more information about this feature and the restrictions for its use BEFORE enabling this feature
    --------------------

    And I found the recommended solution by the CSF docs isn't easy to be done for every client, so I had to disable CloudFlare for now.
    0
  • rogerw
    Yes you can, CSF LF_MODSEC will read mod_security logs from Apache and can block attacking IP addresses via iptables when you use mod_remoteip... ...recommended solution by the CSF docs isn't easy to be done for every client, so I had to disable CloudFlare for now.

    Ah... I understand better. Thank you for following up, that is muchly appreciated!
    0
