I've been stuck for days trying to solve this problem, I hope someone can help me with this.
I have Nginx stands as a reverse proxy in front of Apache. I'm able to log clients' real IPs by using
mod_rpaf module when using Nginx + Apache only without CloudFlare. I then decided to add CloudFlare to my server. Now CloudFlare IPs are showing instead of clients' IPs. I have the Nginx
RealIP Module installed, I tried various configurations but didn't solve the problem. I then installed
mod_cloudflare which is supposed to log real clients' IPs to Apache as described on CloudFlare, but that also didn't solve the problem.
First, The working configurations for Nginx + Apache only are as follows:
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; real_ip_header X-Client-IP;
LoadModule rpaf_module /usr/local/apache/modules/mod_rpaf-2.0.so <IfModule mod_rpaf-2.0.c> RPAFenable On RPAFproxy_ips 127.0.0.1 #Proxy IPs RPAFsethostname On RPAFheader X-Client-IP </IfModule>
Until now clients' real IPs are shown correctly.
If anyone looking for logging real clients' IPs, you can use the above configurations.
Second, using CloudFlare with Nginx + Apache:
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; set_real_ip_from 188.8.131.52/24; set_real_ip_from 184.108.40.206/24; set_real_ip_from 220.127.116.11/21; set_real_ip_from 18.104.22.168/20; set_real_ip_from 22.214.171.124/22; set_real_ip_from 126.96.36.199/22; set_real_ip_from 188.8.131.52/22; set_real_ip_from 184.108.40.206/18; set_real_ip_from 220.127.116.11/18; set_real_ip_from 18.104.22.168/20; set_real_ip_from 22.214.171.124/20; set_real_ip_from 126.96.36.199/22; set_real_ip_from 188.8.131.52/17; set_real_ip_from 184.108.40.206/15; set_real_ip_from 220.127.116.11/12; set_real_ip_from 18.104.22.168/13; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; real_ip_header CF-Connecting-IP;
LoadModule rpaf_module /usr/local/apache/modules/mod_rpaf-2.0.so <IfModule mod_rpaf-2.0.c> RPAFenable On RPAFproxy_ips 127.0.0.1 #Proxy IPs RPAFsethostname On RPAFheader CF-Connecting-IP </IfModule>
So when using CloudFlare with the above configurations, the IPs being logged belong to CloudFlare despite the configurations made.
I tried the following combinations in Nginx and
mod_rpaf configurations but there were no luck,
#Nginx real_ip_header X-Client-IP; real_ip_header X-Forwarded-For; real_ip_header X-Real-IP; #mod_rpaf RPAFheader X-Client-IP RPAFheader X-Forwarded-For RPAFheader X-Real-IP
real_ip_recursive on; in Nginx configuration. Also, inserted all CloudFlare IP ranges to the
mod_rpaf configuration in a standalone try. However, all of that didn't solve the problem.
Any answer or comment is greatly appreciated. Thank you.
I would advise you use the HTTP_CF_CONNECTING_IP header instead of the X-Forwarded headers.
This is because if there are multiple layers of forwarding, the X-Forwarded headers can be overwritten to a different IP of the layer before it, instead of the actual client IP.