Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
litespeed_wiki:config:show-real-ip-behind-cloudflare [2018/11/14 16:57]
Jackson Zhang
litespeed_wiki:config:show-real-ip-behind-cloudflare [2018/11/14 20:06] (current)
Lisa Clarke Proofreading
Line 1: Line 1:
-====== Show real visitor ​IP addresses instead ​of CloudFlare IPs ======+====== Show Real Visitor ​IP Instead ​of CloudFlare IPs ======
  
 When using CloudFlare CDN in front of your LiteSpeed Web Server, you may see a proxy IP instead of the real IP addresses of visitors. ​ When using CloudFlare CDN in front of your LiteSpeed Web Server, you may see a proxy IP instead of the real IP addresses of visitors. ​
  
-To restore real visitor IPs simply ​set the [[https://​www.litespeedtech.com/​docs/​webserver/​config/​general#​useIpInProxyHeader|Use Client IP in Header]] ​option ​to "Trusted IP Only" in the General Settings section of the Configuration page in your LiteSpeed Web Admin Console ​and add CloudFlare IPs/Subnets to the trusted list. If "Use Client IP in Header" ​is set to "Yes" ​instead of "Trusted IP only", clients can spoof IPs with the "X-Forwarded-For" ​header sent to CloudFlare. ​As a result, this is not recommended.+To restore real visitor IPs, navigate to **LiteSpeed WebAdmin Console > Configuration > General Settings** and set **[[https://​www.litespeedtech.com/​docs/​webserver/​config/​general#​useIpInProxyHeader|Use Client IP in Header]]** to ''​Trusted IP Only'', ​and add CloudFlare IPs/Subnets to the trusted list, as shown below. If **Use Client IP in Header** is set to ''​Yes'' ​instead of ''​Trusted IP only''​, clients can spoof IPs with the ''​X-Forwarded-For'' ​header ​that is sent to CloudFlare. ​This is not recommended!
  
-The following snapshot shows the "Use Client IP in Header"​ setting: 
 {{ :​litespeed_wiki:​config:​cloudflare-visitor-ip.png?​nolink&​500 |}} {{ :​litespeed_wiki:​config:​cloudflare-visitor-ip.png?​nolink&​500 |}}
  
-The following snapshot shows how to add CloudFlare to trusted list. Please refer to [[litespeed_wiki:​config:​cloudflare-ips-or-subnets|this wiki]] for setup details.+The following snapshot shows how to add CloudFlare to the trusted list. Please refer to [[litespeed_wiki:​config:​cloudflare-ips-or-subnets|this wiki]] for detailed instructions.
  
 {{ :​litespeed_wiki:​config:​cloudflare-unblock.png?​nolink&​850 |}} {{ :​litespeed_wiki:​config:​cloudflare-unblock.png?​nolink&​850 |}}
  
-the list of cloudflare ​IP subnet ​is available at [[https://​www.cloudflare.com/​ips/​|https://​www.cloudflare.com/​ips/​]] +The list of CloudFlare ​IP subnets ​is available at [[https://​www.cloudflare.com/​ips/​|https://​www.cloudflare.com/​ips/​]]. 
-Your litespeed configuration ​ACL allowed configuration should ​looks like+Your LiteSpeed ​ACL allowed configuration should ​look like:
  
   ALL, 103.21.244.0/​22T,​ 103.22.200.0/​22T,​ 103.31.4.0/​22T,​ 104.16.0.0/​12T,​ 108.162.192.0/​18T,​ 131.0.72.0/​22T,​ 141.101.64.0/​18T,​ 162.158.0.0/​15T,​ 172.64.0.0/​13T,​ 173.245.48.0/​20T,​ 188.114.96.0/​20T,​ 190.93.240.0/​20T,​ 197.234.240.0/​22T,​ 198.41.128.0/​17T,​ 199.27.128.0/​21T   ALL, 103.21.244.0/​22T,​ 103.22.200.0/​22T,​ 103.31.4.0/​22T,​ 104.16.0.0/​12T,​ 108.162.192.0/​18T,​ 131.0.72.0/​22T,​ 141.101.64.0/​18T,​ 162.158.0.0/​15T,​ 172.64.0.0/​13T,​ 173.245.48.0/​20T,​ 188.114.96.0/​20T,​ 190.93.240.0/​20T,​ 197.234.240.0/​22T,​ 198.41.128.0/​17T,​ 199.27.128.0/​21T
  
-If there is another layer of proxy setup in front of LiteSpeed Web Server on the same server box, such as CloudFlare Railgun, Nginx, or Varnish, you also need to add that server IP to the trusted list.+If there is another layer of proxy setup in front of LiteSpeed Web Server on the same server box (i.e. CloudFlare Railgun, Nginx, or Varnish), you also need to add that server IP to the trusted list.
    
-Once enabled, your access logs will show the correct IP addresses and even PHP's $_SERVER['​REMOTE_ADDR'​] variable will contain your visitors'​ real IP addresses instead of a CloudFlare IP address. This will resolve most problems that might occur when enabling CloudFlare on PHP-enabled web sites (like WordPress or vBulletin installations).+Once enabled, your access logs will show the correct IP addresses and even PHP'​s ​''​$_SERVER['​REMOTE_ADDR'​]'' ​variable will contain your visitors'​ real IP addresses instead of a CloudFlare IP address. This will resolve most problems that might occur when enabling CloudFlare on PHP-enabled web sites (like WordPress or vBulletin installations).
  
-Please be aware that only access log shows real visitor IPs, but error log still shows IPs of CloudFlare ​nodeWe may improve the logging a little to error_log to include real IPs for a future release. ​+Please be aware that only the access log shows real visitor IPs. The error log still shows IPs of CloudFlare ​nodesThis may change in a future release.
  
  • Admin
  • Last modified: 2018/11/14 20:06
  • by Lisa Clarke