Cloudflare is a popular service that provides various benefits for your website, such as security, performance, and DNS management.
If you haven’t already, you can connect your Cloudflare account to RunCloud, so that you can manage your DNS records and SSL certificates from the RunCloud dashboard. You can follow the detailed instructions from this guide.
However, when you use Cloudflare as a proxy for your website, the original IP address of the users who visit your website is hidden by Cloudflare’s IP address. This can cause some issues, such as:
- You cannot see the real location and identity of your visitors
- You cannot block or whitelist specific IP addresses based on your needs
- You cannot use some features or plugins that rely on the user’s IP address, such as geolocation, analytics, or anti-spam
Fortunately, there is a way to show the real IP of the users on your OpenLiteSpeed server behind the Cloudflare proxy on RunCloud. Let’s see how.
Step 1: Enable useIpInProxyHeader in Server Configuration
The first step is to enable the useIpInProxyHeader option in your server configuration. This option tells OpenLiteSpeed to use the IP address from the X-Forwarded-For header, which is set by Cloudflare, instead of the IP address from the TCP connection.
To enable this option, you need to edit the server configuration file – you can edit this in the “LiteSpeed Server Config” menu in your RunCloud dashboard.
To enable the useIpInProxyHeader option, you need to add the following line under the server section:
useIpInProxyHeader 2
The value ‘2’ means that OpenLiteSpeed will trust the IP address from the X-Forwarded-For header only if the connection is from a trusted proxy. This is important in order to prevent IP spoofing attacks: any client can put whatever it likes in an X-Forwarded-For header, so the header must only be honoured when it arrives from a proxy you control or trust. The trusted proxies are defined by the accessControl directive, which we will configure in the next step.
Here is an example of how the server section should look after adding the useIpInProxyHeader option:
Step 2: Add Cloudflare’s IP Ranges to accessControl in Server Configuration
The next step is to add Cloudflare’s IP ranges to the accessControl directive in the server configuration file. This directive specifies which IP addresses are allowed or denied to access the server.
By adding Cloudflare’s IP ranges, we are telling OpenLiteSpeed to trust the IP address from the X-Forwarded-For header only if the connection is from Cloudflare. This way, we can prevent IP spoofing attacks from other sources. Cloudflare occasionally updates their IP ranges, so please refer to Cloudflare’s website to get the latest list. Note that the list below contains IPv4 ranges only; if your server also accepts IPv6 connections from Cloudflare, add Cloudflare’s published IPv6 ranges with the same ‘T’ suffix.
To add Cloudflare IP ranges to the accessControl directive, you need to edit the server configuration file again (the same one that you edited in step 1). In this configuration file, scroll down to the accessControl directive.
The above screenshot shows how the file looks before editing. You need to modify the accessControl directive and add IP addresses as shown below:
accessControl {
    allow ALL, 103.21.244.0/22T, 103.22.200.0/22T, 103.31.4.0/22T, 104.16.0.0/12T, 108.162.192.0/18T, 131.0.72.0/22T, 141.101.64.0/18T, 162.158.0.0/15T, 172.64.0.0/13T, 173.245.48.0/20T, 188.114.96.0/20T, 190.93.240.0/20T, 197.234.240.0/22T, 198.41.128.0/17T, 199.27.128.0/21T
}
- The ‘allow’ keyword means that only the IP addresses that match the following patterns are allowed to access the server.
- The ‘ALL’ keyword means that any IP address is allowed, unless it is explicitly denied by another rule.
- The ‘T’ suffix means that the IP address is a trusted proxy, and the IP address from the X-Forwarded-For header will be used instead of the IP address from the TCP connection.
Here is an example of how the server section should look after editing the accessControl directive:
After editing the file, make sure to save the changes before moving to the next step.
Step 3: Configure the accesslog in Web Application Configuration
The final step is to configure the accesslog in your web application configuration. The accesslog is a file that records the details of each request that is handled by your web application, such as:
- The IP address
- The date and time
- The method
- The URL
- The status code
- The size
- The referer
- The user agent
By configuring the accesslog, you can see the real IP of the users who visit your website in the log file.
To configure the accesslog, you need to edit the web application configuration file, which is different from the one that you edited in steps 1 and 2. In your RunCloud dashboard, open your desired web application settings, where you can find the option for Litespeed Configuration in the left menu.
To configure the accesslog, you need to add the following lines at the bottom of the page. Make sure to replace <app-name> with the name of your application:
accesslog /home/runcloud/logs/<app-name>_access.log {
    useServer 0
    logFormat %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
    logHeaders 5
    rollingSize 10M
    keepDays 10
    compressArchive 1
}
- The ‘logFormat’ keyword specifies the format of each log entry.
- The ‘%a’ variable represents the IP address of the user, which will be the real IP address thanks to the useIpInProxyHeader option.
- The other variables represent the remaining fields: ‘%l’ the remote logname, ‘%u’ the authenticated user name, ‘%t’ the date and time, ‘%r’ the request line, ‘%>s’ the final status code, ‘%O’ the bytes sent, ‘%{Referer}i’ the referer, and ‘%{User-Agent}i’ the user agent.
- The ‘keepDays’ keyword specifies how many days to keep the old log files.
- The value ‘10’ means that the old log files will be deleted after 10 days.
- The ‘compressArchive’ keyword specifies whether to compress the old log files.
- The value ‘1’ means that the old log files will be compressed using gzip.
Here is an example of how the web application configuration should look after adding the accesslog directive:
After editing the file, make sure to save the configuration file. RunCloud will automatically restart the server and your changes will be applied immediately.
Step 4: Verify the Access Logs
Once you have configured the necessary settings, you can start seeing the web requests in the access logs section in your RunCloud dashboard. Navigate to the “Web Server Log” page and you should see the real IP address of your visitors. If the entries still show addresses from Cloudflare’s own ranges, the useIpInProxyHeader or accessControl change has not taken effect yet, so re-check the server configuration from steps 1 and 2.
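As an added illustration (not OpenLiteSpeed’s, Cloudflare’s or RunCloud’s code), the Python below models the trust decision behind useIpInProxyHeader 2 and the ‘T’ ranges from steps 1 and 2, and then checks access-log lines in the step 3 logFormat for visitor IPs that are still Cloudflare addresses, which is the step 4 verification. The sample log lines are constructed; the assumption that the rightmost X-Forwarded-For value is used when several are present is mine, not taken from the page.

```python
# Added illustration; models the behaviour described in the guide, it is not
# OpenLiteSpeed's own implementation.
import ipaddress
import re

# Cloudflare IPv4 ranges exactly as listed in the accessControl block above
# (check Cloudflare's published list for the current version).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22", "104.16.0.0/12",
    "108.162.192.0/18", "131.0.72.0/22", "141.101.64.0/18", "162.158.0.0/15",
    "172.64.0.0/13", "173.245.48.0/20", "188.114.96.0/20", "190.93.240.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "199.27.128.0/21",
)]

def is_trusted_proxy(ip):
    """True if ip falls inside one of the 'T'-marked ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def resolve_client_ip(conn_ip, x_forwarded_for, use_ip_in_proxy_header=2):
    """Return the IP that ends up as %a in the access log.
    Mode 0: always the TCP peer.  Mode 1: always the header (spoofable).
    Mode 2: the header only when the TCP peer is a trusted proxy.
    Assumption: with several comma-separated values the rightmost one is
    used, since that is the value the trusted proxy itself appended."""
    header_ip = None
    if x_forwarded_for:
        candidate = x_forwarded_for.split(",")[-1].strip()
        try:
            header_ip = str(ipaddress.ip_address(candidate))
        except ValueError:
            header_ip = None  # malformed header value: never use it
    if use_ip_in_proxy_header == 0 or header_ip is None:
        return conn_ip
    if use_ip_in_proxy_header == 1:
        return header_ip
    return header_ip if is_trusted_proxy(conn_ip) else conn_ip

# Matches: %a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) \S+ "[^"]*" "[^"]*"$')

SAMPLE_LOG = [  # constructed lines in the step 3 logFormat, not real traffic
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '172.64.1.20 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 403 210 "-" "curl/8.0"',
]

def find_unrestored_ips(log_lines):
    """Return (line_number, ip) for entries whose %a is still a Cloudflare
    address, i.e. the proxy header was not applied for that request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line)
        if m and is_trusted_proxy(m.group(1)):
            hits.append((n, m.group(1)))
    return hits
```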