Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
litespeed_wiki:config:show-real-ip-behind-a-proxy [2016/06/08 14:52] Rob Holda |
litespeed_wiki:config:show-real-ip-behind-a-proxy [2016/06/17 13:24] (current) Jackson Zhang |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== Show real visitor IP addresses instead of proxy IPs ===== | ===== Show real visitor IP addresses instead of proxy IPs ===== | ||
- | When using CloudFlare CDN or another proxy in front of your web server, you may see a proxy IP instead of real IP addresses of visitors. | + | When using proxy in front of your web server, you may see a proxy IP instead of real IP addresses of visitors. |
- | To restore real visitor IPs simply enable the [[https://www.litespeedtech.com/docs/webserver/config/general#useIpInProxyHeader|Use Client IP in Header]] option in the General Settings section of the Configuration page in your LiteSpeed Web Admin Console. | + | To restore real visitor IPs simply enable the [[https://www.litespeedtech.com/docs/webserver/config/general#useIpInProxyHeader|Use Client IP in Header]] option to "Trusted ip only" in the General Settings section of the Configuration page in your LiteSpeed Web Admin Console and [[https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow|add proxy IPs to trusted IP list]]. Please refer to [[litespeed_wiki:config:show-real-ip-behind-cloudflare|similar setting on cloudflare]]. |
- | Once enabled, your access logs will show the correct IP addresses and even PHP's $_SERVER['REMOTE_ADDR'] variable will contain your visitors' real IP addresses instead of a CloudFlare IP address. This will resolve most problems that might occur when enabling CloudFlare on PHP-enabled web sites (like WordPress or vBulletin installs). | + | {{ :litespeed_wiki:config:cloudflare-visitor-ip.png?nolink&500 |}} |
- | + | ||
- | The same is true for other proxy setups. | + | |
For example, a Citrix Netscaler device serves the original IP record. By setting it to use "X-Forwarded-For", which is a standard header for that purpose, you should then see the visitors' original IPs. | For example, a Citrix Netscaler device serves the original IP record. By setting it to use "X-Forwarded-For", which is a standard header for that purpose, you should then see the visitors' original IPs. | ||
You may also see gateway ip/proxy ip with some null requests. This is normal. After one request is served, the IP will be reset to the LB IP before a new request arrives. When a new request arrives with the "x-Forwarded-For" header, it will be updated. For keep-alive connections, in between two requests, the LB IP will shown on the real time request list. | You may also see gateway ip/proxy ip with some null requests. This is normal. After one request is served, the IP will be reset to the LB IP before a new request arrives. When a new request arrives with the "x-Forwarded-For" header, it will be updated. For keep-alive connections, in between two requests, the LB IP will shown on the real time request list. | ||
- | |||
- | To avoid proxy IP addresses being blocked by server security settings, you should [[https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow|add LB IP to trusted IP list]]. |