Re: [users@httpd] Cloudflare logging and remote IP

Fri, 27 Jan 2023 08:36:42 -0800 

> Hi, I'd like to be able to track the original IP making requests, not the 
> cloudflare IP. How can I do that? It appears both mod_remoteip and 
> mod_cloudflare are extremely old, and mod_cloudflare is apparently deprecated 
> altogether.

I’ve had good results with mod_remoteip and CloudFlare.

Only thing I had to do was enable the mod_remoteip module and add their known 
IP ranges to the config (I hope this is still current, you might find an 
updated list on their site):

    # CloudFlare Header
    RemoteIPHeader CF-Connecting-IP

    # CloudFlare IPv4 Address Ranges
    RemoteIPTrustedProxy 103.21.244.0/22
    RemoteIPTrustedProxy 103.22.200.0/22
    RemoteIPTrustedProxy 103.31.4.0/22
    RemoteIPTrustedProxy 104.16.0.0/13
    RemoteIPTrustedProxy 104.24.0.0/14
    RemoteIPTrustedProxy 108.162.192.0/18
    RemoteIPTrustedProxy 141.101.64.0/18
    RemoteIPTrustedProxy 162.158.0.0/15
    RemoteIPTrustedProxy 172.64.0.0/13
    RemoteIPTrustedProxy 173.245.48.0/20
    RemoteIPTrustedProxy 188.114.96.0/20
    RemoteIPTrustedProxy 190.93.240.0/20
    RemoteIPTrustedProxy 197.234.240.0/22
    RemoteIPTrustedProxy 198.41.128.0/17
    RemoteIPTrustedProxy 199.27.128.0/21

    # CloudFlare IPv6 Address Ranges
    RemoteIPTrustedProxy 2400:cb00::/32
    RemoteIPTrustedProxy 2405:8100::/32
    RemoteIPTrustedProxy 2405:b500::/32
    RemoteIPTrustedProxy 2606:4700::/32
    RemoteIPTrustedProxy 2803:f800::/32
    RemoteIPTrustedProxy 2a06:98c0::/29
    RemoteIPTrustedProxy 2c0f:f248::/32

This just worked, the logs and apps now see the original address.

Kind regards,
Walter Hop

> Does it require rebuilding apache with the mod_remoteip source, as seems to 
> be indicated, and would code from 10 years ago even compile with the current 
> apache?
> 
> Is there a pre-existing package or module available for fedora? Other ideas 
> for doing this? Cloudflare also provides some php code to be added to the 
> <body> tag, but it doesn't actually update the access log with this info.
> 
> https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs#S7Z4EJQFN997YRY
> 
> Thanks,
> Dave
> 
> -- 
> Dave Wreski
> President & CEO
> Guardian Digital, Inc.
> We Make Email Safe
> 
> 
> 
> 
> 640-800-9446 <tel:640-800-9446>
>       dwre...@guardiandigital.com <mailto:dwre...@guardiandigital.com>
> 
> https://guardiandigital.com <https://guardiandigital.com/>
>       103 Godwin Ave, Suite 314, Midland Park, NJ 07432
> 
> 
>  <https://www.facebook.com/gdlinux>   
> 
>  <https://twitter.com/gdlinux>        
> 
>  <https://www.linkedin.com/company/guardiandigital>   
> 
>  
>

Reply via email to