Project

General

Profile

Actions

Restoring original visitor IPs, Logging visitor IP addresses with mod extforward

.

Cloudflare

This tutorial is for Cloudflare but similar config applies to other reverse proxy and load balancers.
https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

  • Edit lighttpd.conf, or create a file under /etc/lighttpd/conf.d/, to contain the following
##Cloudflare start
## https://www.cloudflare.com/ips/
server.modules += ("mod_extforward")
extforward.headers = ("CF-Connecting-IP")
extforward.forwarder = (
  "199.27.128.0/21" => "trust" 
 ,"173.245.48.0/20" => "trust" 
 ,"103.21.244.0/22" => "trust" 
 ,"103.22.200.0/22" => "trust" 
 ,"103.31.4.0/22" => "trust" 
 ,"141.101.64.0/18" => "trust" 
 ,"108.162.192.0/18" => "trust" 
 ,"190.93.240.0/20" => "trust" 
 ,"188.114.96.0/20" => "trust" 
 ,"197.234.240.0/22" => "trust" 
 ,"198.41.128.0/17" => "trust" 
 ,"162.158.0.0/15" => "trust" 
 ,"104.16.0.0/13" => "trust" 
 ,"104.24.0.0/14" => "trust" 
 ,"172.64.0.0/13" => "trust" 
 ,"2400:cb00::/32" => "trust" 
 ,"2606:4700::/32" => "trust" 
 ,"2803:f800::/32" => "trust" 
 ,"2405:b500::/32" => "trust" 
 ,"2405:8100::/32" => "trust" 
 ,"2c0f:f248::/32" => "trust" 
 ,"2a06:98c0::/29" => "trust" 
)
##Cloudflare end
  • Check if your configuration file is ok by doing:
    lighttpd -tt -f /etc/lighttpd/lighttpd.conf
  • Restart lighttpd

Updated by gstrauss 7 months ago · 5 revisions