Search help: |
Type what you're looking for. We will try to find it for you! |
|---|
Cloudflare is a reverse-proxy and so all connections to your website come from one of Cloudflare's servers. Your server will see the IP address as one of Cloudflare's unless you specifically tell it to look at another header. You can do so and have your application look for the CF_CONNECTING_IP header, but this will not update your Lighttpd logs with the correct IP and for some applications, like a Wordpress website, this isn't logical.
To have Lighttpd automatically rewrite the server IP for the access logs and for your application, you can download this configuration and place it on the /etc/lighttpd/conf-enabled/ directory or follow this 3 simple steps below and do it manually if the above configuration doesn't work for you:
Step 1: Open your lighttpd.conf file and add "mod_extforward" to the server.modules list. It must come before "mod_accesslog" (if enabled) to show the real IP in the access logs.
Step 2: Add the following code block anywhere in the lighttpd.conf file after the server modules list.
$HTTP["remoteip"] == "204.93.240.0/24" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "204.93.177.0/24" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "199.27.128.0/21" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "173.245.48.0/20" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "103.22.200.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "141.101.64.0/18" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "108.162.192.0/18" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
Step 3: Restart lighttpd.
You should now be able to see the correct user IPs in your access log and your applications should be able to see the correct IP without any modification on your part.