Real Visitor IPs With Website DDoS Protection

How to Get Real Visitor IPs in Web Server Access Logs

In order to receive the real visitor IPs in your backend's access logs when using our remote DDoS protection for websites, your web server must be able to parse X-Forwarded-For headers. Some web servers, such as LiteSpeed, NGINX and IIS support this by default.

With Apache, the most popular web server however, you need to use a module, such as mod_rpaf or mod_remoteip in order to get the real visitor IPs. The first part of this tutorial will show you how to install and configure Apache with mod_remoteip. We're not going to use mod_rpaf in this example, because it's outdated, doesn't support CIDRs and only works with Apache 2.2.

We will use 1.2.3.4 as a fictional IP address in this tutorial. When applying the configuration on your backend server, you need to replace 1.2.3.4 with your actual remote DDoS protection IP that you received via email and that you can view in GuardPanel and point your domain to.

CentOS/RHEL & Apache

1.) Install required packages

# yum install gcc wget httpd-devel

2.) Download and compile sources (ONLY if you run Apache 2.2! If you run Apache 2.4 just skip this step)

# wget -O /usr/local/src/mod_remoteip.c https://raw.githubusercontent.com/infinitnet/mod_remoteip-httpd22/master/mod_remoteip.c
# cd /usr/local/src/
# apxs -i -c -n mod_remoteip.so mod_remoteip.c

3.) Configure mod_remote IP for your JavaPipe reverse proxy

Create the file /etc/httpd/conf.d/mod_remoteip.conf and paste the following:

LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 1.2.3.4

4.) Save it and restart httpd.

If the real IP is not seen in the apache logs, then you will need to add a custom log format:

LogFormat "%a %l %u %t \"%r\" %>s %b" foo

%a - is the client IP of the request.

cPanel/WHM Servers

On WHM/cPanel servers the process is different, because it doesn't use CentOS repositories for Apache, but instead a tool called EasyApache to compile a custom Apache version from source.

If you use EasyApache 3, do

# cd /var/cpanel/easy/apache/custom_opt_mods
# wget https://documentation.cpanel.net/download/attachments/1775755/custom_opt_mod-remoteip.tgz
# tar xf custom_opt_mod-remoteip.tgz
# rm -f custom_opt_mod-remoteip.tgz

Now recompile Apache from WHM using EasyApache 3 and make sure to enable mod_remoteip in the Exhaustive Options List! Proceed with pasting the config that's mentioned below the instructions for EasyApache 4.

If you use EasyApache 4, do

# yum -y install ea-apache24-mod_remoteip

Now paste below config to /usr/local/apache/conf/mod_remoteip.conf

LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 1.2.3.4

Save it and restart httpd.

Ubuntu/Debian & Apache

1.) Install required packages with

# apt-get install gcc wget apache2-prefork-dev

2.) Download and compile sources (ONLY if you run Apache 2.2! If you run Apache 2.4 just skip step 2 and 3 and proceed to step 4)

# wget -O /usr/local/src/mod_remoteip.c https://raw.githubusercontent.com/infinitnet/mod_remoteip-httpd22/master/mod_remoteip.c
# cd /usr/local/src/
# apxs2 -i -c -n mod_remoteip.so mod_remoteip.c

Note: If apxs2 doesn't work, try apxs

3.) Copy the compiled module to the correct location

# mkdir -p /etc/apache2/modules
# cp /usr/lib/apache2/modules/mod_remoteip.so /etc/apache2/modules/

4.) Configure mod_remote IP for your JavaPipe reverse proxy

Create the file /etc/apache2/conf.d/mod_remoteip.conf and paste

LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 1.2.3.4

Save it and restart apache2.

Real IP with LiteSpeed

Go to Configuration -> Server, click "Edit" at the "General Settings" box and set "Use Client IP in Header" to "Yes".

LiteSpeed X-Forwarded-For Real IP

Real IP with NGINX

Open your main NGINX configuration, which includes the "http" block (most likely /etc/nginx/nginx.conf) and append the "http" block to look as follows

http {
...
set_real_ip_from 1.2.3.4;
real_ip_header X-Forwarded-For;
...
}

Restart NGINX and you're done.

  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

Whitelist your DDoS Protected IP on your Server

Its important to whitelist your remote DDoS protection IP on your server so that it does not...

DDoS Protection for Minecraft - Banning User IP Addresses

DDoS Protection for Minecraft - Banning User IP Addresses Our Remote DDoS protection provides a...

Minecraft Servers - Handling single IP for all users.

Since the remote DDoS protection (read: What is a Distributed Denial of Service Attack?) funnels...

Blocking all traffic except DDoS Protected IP

For extra measure of security it is best to prevent access to your server from any other IP...

Constant disconnections could be due to OpenJDK

If you are using JavaPipe remote DDoS protection to mitigate DDoS against your minecraft server...