Origin IP&HostName Recovery

user7782 · June 20, 2022, 1:10am

When using Cloudflare, the IP and hostname in the access log will be the Cloudflare IP.

I would like to use the pro plan if I can configure the origin IP to appear in the raw logs.

How do I go about setting this up?

We are not programmers and do not know the hard way to operate on the command line.

If you know how to do this, we would appreciate it if you could give us some hints.

KianNH · June 20, 2022, 1:12am

Take a look at https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

user7782 · June 20, 2022, 1:42am

Thank you for your comment.

Is this to be done within the origin server?

user7782 · June 22, 2022, 1:23am

I have done a lot of research and understand.
I understand that I can configure Apache on the command line by using the “ssh” protocol to communicate with the rental server.
I will give it a try.

user4358 · June 22, 2022, 1:45am

it’s actually really easy to set up with Apache

once you have the remoteip mod enabled this is all you really need:

RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/13
RemoteIPTrustedProxy 104.24.0.0/14
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32

I didn’t have to touch my logging configuration at all… if you’re already logging IPs to your logs, you should just start seeing real IPs instead of Cloudflare IPs once the mod is turned on & the config is added & Apache is restarted.

Just put it somewhere in your global Apache configuration so that it covers all your vhosts. It’s fine if some of your vhosts aren’t proxied through Cloudflare, it’ll just have no effect on them.

user7782 · June 22, 2022, 6:33am

Thank you for your comment, user4358.

I think it will be rather easy to do.
But ssh itself is my first challenge, so I will try to do it by trial and error.

I will try to remember “mod_remoteip”.
Thanks.

user7782 · June 24, 2022, 12:37am

After much trial and error, I found that mod_remoteip was not available on the server I am subscribed to in the first place.

We apologize for the advice we received.