Restore Original Visitor IPs with Apache and mod_remoteip when using Cloudflare Proxy in CWP on AlmaLinux 8 / 9
This article is based on Sandeep’s article at AlphaGNU.
CWP Apache Restore original visitor IPs with mod_remoteip when using Cloudflare proxy – CWP – Control WEB Panel – AlphaGNU
It is meant to be a backup, just in case the other site gives an error.
INTRODUCTION
In this tutorial we’ll going to learn how to configure Apache mod_remoteip in order to restore original ip when using cloudflare proxy. We’ve another blog post upon how we can configure mod_cloudflare to restore ip which for some are not at all working. This is the method which is working and recommended in cloudflare website.
READ ME FIRST
This article is provided as a courtesy.
Installing, configuring, and troubleshooting third-party applications is outside the scope of basic support provided by Starburst Services.
We are not liable for any damages and/or data loss.
REQUIRMENTS
- SSH credentials or File Manager access Logged In as Root
- Nano Text Editor (Or one you are comfortable using, but this article uses Nano as an example)
STEP 1
Enabling mod_remoteip in Apache config:
sed -i '/LoadModule remoteip_module modules/ s/^#//g' /usr/local/apache/conf/httpd.conf
STEP 2
Now we’re going to configure Cloudflare original ip config.
First of all create a file named “cloudflare.conf” in /usr/local/apache/conf.d:
cd /usr/local/apache/conf.d
nano cloudflare.conf
Then copy paste below config and save it:
#LogFormat “%a %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32
You can remove “#” uncomment from in front of LogFormat for customized log format.
STEP 3
Restart Apache webserver and done:
systemctl restart httpd
Thanks for learning with Starburst Services.
Make sure to visit AlphaGNU at: https://www.alphagnu.com/
KB Article Created: 2024-09-01