Wordpress under reverse proxy and real client IP

2024-03-07

I have several wordpress websites which is running on my FreeBSD server.

This is my stack:

Container (FreeBSD jail)
AMP (Apache, MySQL, PHP)
Reverse Proxy (Caddy)
CDN (Cloudflare)

The website work well of course but It couldn’t record real IP of the client.

It catch my Reverse Proxy (Caddy) in my subnet (something like this 10.0.0.XXX) instead of real client IP.

I check my setup by my local httpbin server. Then I found that my Apache was misconfig.

The real IP should be Cf-Connecting-Ip instead of something in X-Forwarded-For.

Config Apache

Enable remoteip_module

Edit httpd.conf

# vim /usr/local/etc/apache24/httpd.conf

Uncomment the line below

LoadModule remoteip_module libexec/apache24/mod_remoteip.so

Config remoteip_module

Create a new apache config file for this

# touch /usr/local/etc/apache24/Includes/remoteip_cf.conf
# vim /usr/local/etc/apache24/Includes/remoteip_cf.conf

Then add the line below

RemoteIPHeader CF-Connecting-IP

Check it

Restart Apache then it’s all set.

You may want to log client IP connect to your website. You can do it by edit httpd.conf file.

Change %a to your LogFormat, for example

LogFormat "%a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Comments

← Ghi chép về cài đặt OPNsense quay PPPoE Viettel IPv4 & IPv6 Headless torrent on FreeBSD box with Transmission →