Are my users real IP still passed to my server?

Yes. We send the real IP address in the x-forwarded-for field. However, some servers require a little tweaking to x-forwarded-for field.

Your web server must be able to read X-Forwarded-For headers. Some web servers, such as LiteSpeed, NGINX and IIS support such a feature by default, while you have to use a module, such as mod_rpaf or mod_remoteip if you're running Apache. The first part of this tutorial will show you how to install and configure Apache with mod_remoteip. We're not going to use mod_rpaf in this example, because it doesn't properly work with CIDRs (IP ranges).


CentOS/RHEL + Apache

1.) Install required packages:

# yum install gcc wget httpd-devel

2.) Download sources:

# wget -O /usr/local/src/mod_remoteip.c https://raw.github.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.c


3.) Compile source:

# cd /usr/local/src/
# apxs -i -c -n mod_remoteip.so mod_remoteip.c


4.) Configure:

Create the file /etc/httpd/conf.d/mod_remoteip.conf and paste the following content into it:

LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 199.91.125.0/24
RemoteIPTrustedProxy 199.245.52.0/24
RemoteIPTrustedProxy 199.91.124.0/24
RemoteIPTrustedProxy 185.8.196.130
RemoteIPTrustedProxy 185.8.196.128/25
RemoteIPTrustedProxy 5.254.100.32/27
RemoteIPTrustedProxy 93.115.83.64/26
RemoteIPTrustedProxy 162.222.212.0/24

Save it and exit.

Important: For cPanel servers you should paste the configuration into /usr/local/apache/conf/includes/pre_main_global.conf


6.) Restart Apache:

# service httpd restart

 

Ubuntu/Debian + Apache

1.) Install required packages:

# apt-get install gcc wget apache2-prefork-dev


2.) Download Sources:

# wget -O /usr/local/src/mod_remoteip.c https://raw.github.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.c


3.) Compile source:

# cd /usr/local/src/
# apxs2 -i -c -n mod_remoteip.so mod_remoteip.c

Note: If "apxs2" doesn't work, try "apxs".


4.) Configure:

Create the file /etc/apache2/conf.d/mod_remoteip.conf and paste the following content into it:

LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 209.141.32.0/19
RemoteIPTrustedProxy 198.251.80.0/20
RemoteIPTrustedProxy 185.8.196.0/24
RemoteIPTrustedProxy 185.8.197.0/24
RemoteIPTrustedProxy 5.254.102.128/25
RemoteIPTrustedProxy 5.254.103.128/28
Save it and exit.


6.) Copy module and restart Apache:

# mkdir -p /etc/apache2/modules
# cp /usr/lib/apache2/modules/mod_remoteip.so /etc/apache2/modules/
# service apache2 restart

 

LiteSpeed

Go to Configuration -> Server, click "Edit" at the "General Settings" box and set "Use Client IP in Header" to "Yes".
LSWS

NGINX

Open your main NGINX configuration, which includes the "http" block (most likely /etc/nginx/nginx.conf) and append the "http" block to look as follows:

http {
...
set_real_ip_from 209.141.32.0/19;
set_real_ip_from 198.251.80.0/20;
set_real_ip_from 185.8.196.0/24;
set_real_ip_from 185.8.197.0/24;

set_real_ip_from 5.254.102.128/25;

real_ip_header X-Forwarded-For;
...
}

Restart NGINX - done.

  • 7 Users Found This Useful
Was this answer helpful?

Related Articles

Proxy Setup

How does proxy setup work? Upon placing an order you provide us with your domain name, backend...

Non-payment/Suspended DDOS Services

To re-active DDOS services susended for non-payment all outstanding balances must be paid via...

If my DDOS account is suspended for non-payment can I get my files?

Services will be turned on once all outstanding funds fave been paid via bank transfer. Why bank...

DDOS and DNS A Records

It is required that all DDOS shared hosting clients use Rivalhost Global Protected Name-servers...

How come I can't ping my DDOS Protected IP?

We turn off icmp for DDOS VPS's and servers for your protection. Usually a ping is used to check...