infinitivehost-logo
Limited Time
Get an extra 10% discount
Special Offer
30
MINS
59
SECS
Don't miss out on the final opportunity to enjoy great savings with promo code:
CHEERS2024
shadowgirl
Google-logo
google-star 4.4
Note: Don't forget to copy the coupon code and apply it during checkout for exclusive discounts!
SHARED HOSTING SERVICE

Set HTTP_CF_CONNECTING_IP in Apache – Easy Configuration

18
May
  • Infinitive Host / 6 months
  • May 18, 2024
  • 2 min read
1,012 Views

To set the HTTP_CF_CONNECTING_IP header in the Apache HTTP Server configuration, you need to ensure that the header from Cloudflare is correctly forwarded to your application as the client’s IP address. This is commonly done using the mod_remoteip module in Apache.

Here’s how you can do it:

1. Enable mod_remoteip Module

First, ensure that the mod_remoteip module is enabled. This module allows Apache to use the X-Forwarded-For or similar headers to determine the real client IP address.

On Debian/Ubuntu, you can enable the module with:

sudo a2enmod remoteip

On Red Hat/CentOS, you might need to manually add it to your configuration if it’s not already available.

2. Configure mod_remoteip

Next, configure the module in your Apache configuration file (typically located at /etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf).

Add the following configuration:

<IfModule remoteip_module>
    RemoteIPHeader CF-Connecting-IP
    RemoteIPTrustedProxy 127.0.0.1 ::1
</IfModule>

Explanation:

  • RemoteIPHeader CF-Connecting-IP: This directive tells Apache to use the CF-Connecting-IP header provided by Cloudflare to determine the real IP address of the client.
  • RemoteIPTrustedProxy 127.0.0.1 ::1: This directive specifies trusted proxies. Typically, you would include your internal IPs here. 127.0.0.1 and ::1 represent localhost in IPv4 and IPv6, respectively. You might need to add your Cloudflare IP ranges here as well if necessary.

3. Restart Apache

After making these changes, restart Apache to apply the configuration.

On Debian/Ubuntu:

sudo systemctl restart apache2

On Red Hat/CentOS:

sudo systemctl restart httpd

Additional Configuration (Optional)

If you also want to log the original client IP in your Apache logs, you can update the LogFormat directive:

LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

In this format:

  • %a logs the client IP address.

Ensure that you are using this LogFormat in your CustomLog directive:

CustomLog ${APACHE_LOG_DIR}/access.log combined

Conclusion

By enabling and configuring the mod_remoteip module to use the CF-Connecting-IP header, you ensure that Apache correctly identifies and logs the real client IP address behind the Cloudflare proxy. This configuration is essential for accurate client identification and logging.

Leave a comment

Your email address will not be published. Required fields are marked *

Add A Knowledge Base Question !

Add A Knowledge Base Question !