Are my users real IP still passed to my server?

Yes. We send the real IP address in the x-forwarded-for field. However, some servers require a little tweaking to x-forwarded-for field.

Your web server must be able to read X-Forwarded-For headers. Some web servers, such as LiteSpeed, NGINX and IIS support such a feature by default, while you have to use a module, such as mod_rpaf or mod_remoteip if you're running Apache. The first part of this tutorial will show you how to install and configure Apache with mod_remoteip. We're not going to use mod_rpaf in this example, because it doesn't properly work with CIDRs (IP ranges).


CentOS/RHEL + Apache

1.) Install required packages:

# yum install gcc wget httpd-devel

2.) Download sources:

# wget -O /usr/local/src/mod_remoteip.c https://raw.github.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.c


3.) Compile source:

# cd /usr/local/src/
# apxs -i -c -n mod_remoteip.so mod_remoteip.c


4.) Configure:

Create the file /etc/httpd/conf.d/mod_remoteip.conf and paste the following content into it:

LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 199.91.125.0/24
RemoteIPTrustedProxy 199.245.52.0/24
RemoteIPTrustedProxy 199.91.124.0/24
RemoteIPTrustedProxy 185.8.196.130
RemoteIPTrustedProxy 185.8.196.128/25
RemoteIPTrustedProxy 5.254.100.32/27
RemoteIPTrustedProxy 93.115.83.64/26
RemoteIPTrustedProxy 162.222.212.0/24

Save it and exit.

Important: For cPanel servers you should paste the configuration into /usr/local/apache/conf/includes/pre_main_global.conf


6.) Restart Apache:

# service httpd restart

 

Ubuntu/Debian + Apache

1.) Install required packages:

# apt-get install gcc wget apache2-prefork-dev


2.) Download Sources:

# wget -O /usr/local/src/mod_remoteip.c https://raw.github.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.c


3.) Compile source:

# cd /usr/local/src/
# apxs2 -i -c -n mod_remoteip.so mod_remoteip.c

Note: If "apxs2" doesn't work, try "apxs".


4.) Configure:

Create the file /etc/apache2/conf.d/mod_remoteip.conf and paste the following content into it:

LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 209.141.32.0/19
RemoteIPTrustedProxy 198.251.80.0/20
RemoteIPTrustedProxy 185.8.196.0/24
RemoteIPTrustedProxy 185.8.197.0/24
RemoteIPTrustedProxy 5.254.102.128/25
RemoteIPTrustedProxy 5.254.103.128/28
Save it and exit.


6.) Copy module and restart Apache:

# mkdir -p /etc/apache2/modules
# cp /usr/lib/apache2/modules/mod_remoteip.so /etc/apache2/modules/
# service apache2 restart

 

LiteSpeed

Go to Configuration -> Server, click "Edit" at the "General Settings" box and set "Use Client IP in Header" to "Yes".
LSWS

NGINX

Open your main NGINX configuration, which includes the "http" block (most likely /etc/nginx/nginx.conf) and append the "http" block to look as follows:

http {
...
set_real_ip_from 209.141.32.0/19;
set_real_ip_from 198.251.80.0/20;
set_real_ip_from 185.8.196.0/24;
set_real_ip_from 185.8.197.0/24;

set_real_ip_from 5.254.102.128/25;

real_ip_header X-Forwarded-For;
...
}

Restart NGINX - done.

  • 7 Users Found This Useful
Was this answer helpful?

Related Articles

Proxy Setup

How does proxy setup work? Upon placing an order you provide us with your domain name, backend...

Do you provide a guarantee?

This is best answered by the examples below... For example, a customer signs up with us and has...

Null Routes

Null routes are probably the single most misunderstood element of DDoS protection. For some...

Do you provide Proof of attacks?

We get asked a lot of we can provide proof attacks or graphs from your target server. First...

DDoS Prevention: Protecting The Origin

One of the many great features that RivalGuardian provides is protection from Distributed Denial...