This might be an unusual one. I’ve figures out how to block Apache requests that come direct, rather than via Cloudflare. I’ve also figured out how to restore the visitor’s original IP address in the Apache access logs. What I can’t figure out, is how to do both of these things at the same time.
Example, restoring visitors IP address in the Apache access log:
Add “RemoteIPHeader X-Forwarded-For” to the Apache configuration
Change the Apache log format, substituting %h for %a
Example, blocking direct requests that bypass Cloudflare:
- Modify Apache configuration for a particular site:
<Directory /var/html/website/public> Order deny,allow Deny from all Allow from 18.104.22.168/20 # More Cloudflare IP ranges go here </Directory>
Both of the examples above work OK, but don’t play nice together. This is because the “Allow from” in the second example is no longer being matched, because Apache is back to having the user’s original IP address, rather than Cloudflare’s IP address.
I’m hoping there is a simple way of bringing both solutions together. Could anyone advise?