Incorrect IP addresses are logged by Plesk behind a Cloudflare or Google Cloud Load Balancing

Dmitry Bystrov

1 year ago

Symptoms

Plesk is running behind a Cloudflare or Google Cloud Load Balancing.
Internal IP address of load balancer or proxy is displayed in domain logs (Domains > example.com > Logs) instead of the client's IP (real visitor's IP):

Access 192.0.2.2 200 GET / HTTP/1.0

Cause

Proxies and load balancers rewrite the origin IP address and specify the client's IP address in an additional HTTP header.

Resolution

Log into the server via SSH.
Using the next command verify that the remoteip_module Apache module is enabled:
# (apache2ctl -M || httpd -M) | grep remoteip_module

The output below means that remoteip_modulemodule is enabled:

remoteip_module (shared)

Then apply one of the following solutions:

Solution for a single domain with Nginx enabled

Log in to Plesk.
Go to Domains > example.com > Apache & nginx Settings, and add the following content to the Additional nginx directives:
- For Cloudflare:
  
  real_ip_header CF-Connecting-IP;
- For Cloudflare Load Balancing:
  
  set_real_ip_from 130.0.0.0/8;
  set_real_ip_from 35.0.0.0/8;
  set_real_ip_from 103.21.244.0/22;
  set_real_ip_from 103.22.200.0/22;
  set_real_ip_from 103.31.4.0/22;
  set_real_ip_from 104.16.0.0/13;
  set_real_ip_from 104.24.0.0/14;
  set_real_ip_from 108.162.192.0/18;
  set_real_ip_from 131.0.72.0/22;
  set_real_ip_from 141.101.64.0/18;
  set_real_ip_from 162.158.0.0/15;
  set_real_ip_from 172.64.0.0/13;
  set_real_ip_from 173.245.48.0/20;
  set_real_ip_from 188.114.96.0/20;
  set_real_ip_from 190.93.240.0/20;
  set_real_ip_from 197.234.240.0/22;
  set_real_ip_from 198.41.128.0/17;
  set_real_ip_from 2400:cb00::/32;
  set_real_ip_from 2606:4700::/32;
  set_real_ip_from 2803:f800::/32;
  set_real_ip_from 2405:b500::/32;
  set_real_ip_from 2405:8100::/32;
  set_real_ip_from 2c0f:f248::/32;
  set_real_ip_from 2a06:98c0::/29;
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;
  
  Note: It might be required to add other IP address ranges to the set_real_ip_from based on the Google Compute Engine zone used.

Solution for a single domain with Apache only

Log in to Plesk.
Go to Domains > example.com > Apache & Nginx Settings and add the following content to both Additional directives for HTTP and Additional directives for HTTPS:

Note: The remoteip module should be enabled in Tools & Settings > Apache Web Server
- For Cloudflare:
  
  RemoteIPHeader CF-connecting-IP
- For Google Cloud Load Balancing:
  
  RemoteIPHeader X-Forwarded-For
  RemoteIPexternalProxy 130.0.0.0/8
  RemoteIPInternalProxy 35.0.0.0/8

Server-wide solution with Nginx enabled

Connect to the server via SSH.
Download and execute the next script in order to add the Nginx variables globally:

# curl -LO https://raw.githubusercontent.com/plesk/kb-scripts/master/cf-nginx-ip-passthrough/cf.sh && chmod 700 /root/cf.sh
Execute the script:

# bash cf.sh

Note: The script could be called at the required intervals using Plesk Scheduled Tasks.

Server-wide solution with Apache only

Connect to the server via SSH.
Make sure that /etc/httpd/conf/httpd.conf(on Debian-based OS the path is /etc/apache2/apache2.conf) has the following LogFormat:

LogFormat "%a %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
Create a new configuration file:
On Rhel-based OS: /etc/httpd/conf.d/cloudflare.conf
On Debian-based OS: /etc/apache2/conf-enabled/cloudflare.conf
Add Cloudflare IP addresses in the file created on step 3:

RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy…

0 Shares

Exit mobile version