Fix for sites with IP Security on sessions

I host multiple websites on my servers, and all my websites have an IP Security feature, meaning my server needs to know the actual IP of the visitors and NOT the CloudFlare IP. (This is to prevent user sessions from getting taken over by other users/IPs.)

Currently our fix is to put the following line of text in our Apache Virtual Hosts Config file:
RemoteIPHeader X-Forwarded-For

However, the folks at CloudFlare said we MAY need to do more, and directed me to this page:

Can anyone shed light on what I should be doing in addition (or in place of) our current fix? The instructions on this page are confusing.

Thank you,
Dan

This might be a better approach. Just make sure you save backups of the files you modify.

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.