Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
litespeed_wiki:config:show-real-ip-behind-a-proxy [2016/06/16 14:59] Jackson Zhang |
litespeed_wiki:config:show-real-ip-behind-a-proxy [2016/06/17 13:20] Jackson Zhang |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== Show real visitor IP addresses instead of proxy IPs ===== | ===== Show real visitor IP addresses instead of proxy IPs ===== | ||
| - | When using CloudFlare CDN or another proxy in front of your web server, you may see a proxy IP instead of real IP addresses of visitors. | + | When using proxy in front of your web server, you may see a proxy IP instead of real IP addresses of visitors. |
| - | To restore real visitor IPs simply enable the [[https://www.litespeedtech.com/docs/webserver/config/general#useIpInProxyHeader|Use Client IP in Header]] option in the General Settings section of the Configuration page in your LiteSpeed Web Admin Console. | + | To restore real visitor IPs simply enable the [[https://www.litespeedtech.com/docs/webserver/config/general#useIpInProxyHeader|Use Client IP in Header]] option to "Trusted ip only" in the General Settings section of the Configuration page in your LiteSpeed Web Admin Console and [[https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow|add proxy IPs to trusted IP list]]. |
| - | + | ||
| - | Once enabled, your access logs will show the correct IP addresses and even PHP's $_SERVER['REMOTE_ADDR'] variable will contain your visitors' real IP addresses instead of a CloudFlare IP address. This will resolve most problems that might occur when enabling CloudFlare on PHP-enabled web sites (like WordPress or vBulletin installs). | + | |
| - | + | ||
| - | To avoid CloudFlare IP addresses being blocked by server security settings, you should add Cloudflare IP/subnet to trusted list. | + | |
| - | + | ||
| - | The same is true for other proxy setups. | + | |
| For example, a Citrix Netscaler device serves the original IP record. By setting it to use "X-Forwarded-For", which is a standard header for that purpose, you should then see the visitors' original IPs. | For example, a Citrix Netscaler device serves the original IP record. By setting it to use "X-Forwarded-For", which is a standard header for that purpose, you should then see the visitors' original IPs. | ||
| You may also see gateway ip/proxy ip with some null requests. This is normal. After one request is served, the IP will be reset to the LB IP before a new request arrives. When a new request arrives with the "x-Forwarded-For" header, it will be updated. For keep-alive connections, in between two requests, the LB IP will shown on the real time request list. | You may also see gateway ip/proxy ip with some null requests. This is normal. After one request is served, the IP will be reset to the LB IP before a new request arrives. When a new request arrives with the "x-Forwarded-For" header, it will be updated. For keep-alive connections, in between two requests, the LB IP will shown on the real time request list. | ||
| - | |||
| - | To avoid proxy IP addresses being blocked by server security settings, you should [[https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow|add LB IP to trusted IP list]]. | ||