CDN Cloudflare how to set and preserve the real IP of the client without modifying application code on Apache

Your frontend CDN (e.g. Cloudflare, or even your own load balancer/proxy) must be sending the X-Forwarded-For header, and you must be running Apache on the backend.
This solves the problem where your logs and services only see the proxy/CDN IP and not the real client IP.

mod_remoteip is the most modern and currently working solution

 

Step 1.) Enable remoteip

 a2enmod remoteip

Step 2.) Edit/Enable the correct config

Edit this file: /etc/apache2/conf-enabled/remoteip.conf 

Make your entries like below (you can add more lines of RemoteIPTrustedProxy as needed).


RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 1.2.3.4

 

Step 3.) Restart Apache

You should now find that the client IP is what is shown in the Apache logs and REMOTE_ADDR variable.  Remember to update the remoteip.conf with the current IPs of your load balancer/CDN service.
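
How the trusted-proxy list decides which address Apache ends up with, as an added example (not code from mod_remoteip or from this article): a simplified Python model of the right-to-left X-Forwarded-For walk. The function name and every sample address other than 1.2.3.4 are constructed, and the model leaves out mod_remoteip's separate handling of private addresses and RemoteIPInternalProxy.

```python
import ipaddress

def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address a right-to-left trusted-proxy walk settles on.

    peer_ip         -- source address of the TCP connection reaching Apache
    xff_header      -- raw X-Forwarded-For value, or None when absent
    trusted_proxies -- IPs/CIDRs, i.e. the RemoteIPTrustedProxy entries
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    client = ipaddress.ip_address(peer_ip)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # The header is believed only while the address currently held belongs
    # to a trusted proxy; the first untrusted address ends the walk.
    while hops and is_trusted(client):
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # malformed entry: keep the last address that parsed
        hops.pop()
        client = candidate
    return str(client)

# Constructed sample requests: (label, peer, X-Forwarded-For, trusted list).
CASES = [
    ("via CDN",             "1.2.3.4",       "203.0.113.7",           ["1.2.3.4"]),
    ("client-forged entry", "1.2.3.4",       "10.9.9.9, 203.0.113.7", ["1.2.3.4"]),
    ("direct to origin",    "198.51.100.20", "192.0.2.99",            ["1.2.3.4"]),
    ("trust list too wide", "198.51.100.20", "192.0.2.99",            ["0.0.0.0/0"]),
    ("local cache + CDN",   "127.0.0.1",     "203.0.113.7, 1.2.3.4",  ["1.2.3.4", "127.0.0.1"]),
    ("cache not trusted",   "127.0.0.1",     "203.0.113.7, 1.2.3.4",  ["1.2.3.4"]),
]

if __name__ == "__main__":
    for label, peer, xff, trusted in CASES:
        print(f"{label:20} -> {resolve_client_ip(peer, xff, trusted)}")
```

The "trust list too wide" case is the reason to keep RemoteIPTrustedProxy limited to your proxy's own addresses: with a list that broad, whatever the header says is recorded as the client.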


Note that most versions of mod_rpaf, at least in newer Debian/Ubuntu, seem to be broken and DO NOT work.  The symptom is that your Apache logs have the correct client IP but, in PHP for example, the REMOTE_ADDR variable is that of the proxy/load balancer/Cloudflare even though you have added the correct IPs in the RPAF_ProxyIPs line.  It appears the project is no longer maintained and does not work with newer Apache/PHP.

Here is some discussion about mod_rpaf in recent Debian/Ubuntu



mod_rpaf will fix all of this

This solution transparently sets the real IP of the client for Apache and any services that rely on the REMOTE_ADDR without having to modify any code.
 

Install the right tools:


#install the devel tools and gcc for your distro and git
yum -y install httpd-devel gcc git

 

Get the mod_rpaf source code

 

#let's git the mod_rpaf module (most distros don't have this as a package installable module) so we have to build it ourselves
cd ~
git clone https://github.com/gnif/mod_rpaf.git
cd mod_rpaf

 

Compile mod_rpaf

 


#let's compile and install the mod_rpaf.c code
apxs -i -c -n rpaf mod_rpaf.c


 

Edit httpd.conf

#edit the httpd.conf for Apache to enable mod_rpaf; be sure to set RPAF_ProxyIPs to whatever IPs your CDN/proxy uses, otherwise the original CDN IP will still be presented to Apache

Edit the two example IPs below to be your CDN/Proxy/LoadBalancer IPs (if you only have 1 IP then only put 1 there).

LoadModule rpaf_module modules/mod_rpaf.so


    RPAF_Enable             On
    RPAF_Header             X-Forwarded-For
    RPAF_ProxyIPs           1.2.3.4 5.6.7.8
    RPAF_SetHostName        On
    RPAF_SetHTTPS           On
    RPAF_SetPort            On


 

#remember to restart httpd/apache


systemctl restart httpd
#now remove gcc and httpd-devel and git for security reasons
yum -y remove gcc httpd-devel git

 

If you are using Varnish

When using Varnish you need to add the IP 127.0.0.1 to the RPAF_ProxyIPs line or it will break your logs; in other words, Varnish requests will all show up to Apache as 127.0.0.1 instead of the real client IP.

