Step 1: Open your lighttpd.conf file and append "mod_extforward" to the end of the server.modules list.
Step 2: Paste the following code block anywhere in the file (well at least after the server.modules lines)
$HTTP["remoteip"] == "204.93.240.0/24" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "204.93.177.0/24" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "199.27.128.0/21" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "173.245.48.0/20" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "103.22.200.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
Step 3: Restart lighttpd and you're good to go!
You should now see the actual user IPs in the access logs and in your applications.
If you want to add Apigee as well:
$HTTP["remoteip"] == "75.101.150.28/32" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "174.129.236.240/32" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
Thanks,
James Hartig
5 comments:
Your code wouldn't work on my lighttpd installation, I would get "invalid character" for every ">", so I use this code instead, which is actually more efficient:
## Get working IP lookups with CloudFlare
extforward.forwarder = (
"204.93.240.0/24" => "trust",
"204.93.177.0/24" => "trust",
"199.27.128.0/21" => "trust",
"173.245.48.0/20" => "trust"
)
extforward.headers = ("CF-Connecting-IP")
What version of Lighttpd do you have?
I had the same problem as Andi, his code worked for me - thanks both of you.
Version was lighttpd/1.4.28
Put the mod_extforward line before mod_accesslog if you want to your access logs to show the real IP address (i.e. not CloudFlare's IP).
Post a Comment