Cloudflare Restoring original visitor IPs with mod_remoteip in Ubuntu Apache

In this tutorial I’ll guide you how to install mod_remoteip an Apache module to restore original visitor’s ip When using cloudflare service. You may have encountered issue with cloudflare proxy ip when you checked the log and found all the ips are from cloudflare to cope with this situation we need to configure mod_remoteip with cloudflare’s trusted address. Lets get started :

Ensure you logged in as root user, ssh.

Step 1 :

Enable mod_remoteip :

a2enmod remoteip

Step 2 :

Now we need to modify and add some configs to apache2.conf

apt install nano
nano /etc/apache2/apache2.conf
Now add this line at the last of the config file :

RemoteIPHeader X-Forwarded-For
Now you need to replace the line for log format :

Find :

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined 

and replace that line with :

LogFormat "%a %h  %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 

i.e. I’ve added only “%a”

Step 3 :

Then we need to create Apache Cloudflare trusted proxies conf file :

**create “remoteip.conf” file in location “/etc/apache2/conf-available/”

nano /etc/apache2/conf-available/remoteip.conf

Now paste this config and save it :

RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32

Next restart Apache service and check the log and check the real ips are now logging :

systemctl restart apache2