{"id":8477,"date":"2024-05-18T07:28:19","date_gmt":"2024-05-18T07:28:19","guid":{"rendered":"https:\/\/www.infinitivehost.com\/knowledge-base\/?p=8477"},"modified":"2024-05-18T07:28:21","modified_gmt":"2024-05-18T07:28:21","slug":"set-http_cf_connecting_ip-in-apache-easy-configuration","status":"publish","type":"post","link":"https:\/\/www.infinitivehost.com\/knowledge-base\/set-http_cf_connecting_ip-in-apache-easy-configuration\/","title":{"rendered":"Set HTTP_CF_CONNECTING_IP in Apache – Easy Configuration"},"content":{"rendered":"
<\/span> 5,596<\/span> Views<\/span><\/div>\n

To set the HTTP_CF_CONNECTING_IP<\/strong><\/code> header in the Apache HTTP Server configuration, you need to ensure that the header from Cloudflare is correctly forwarded to your application as the client’s IP address. This is commonly done using the mod_remoteip<\/strong><\/code> module in Apache.<\/p>\n\n\n\n

Here’s how you can do it:<\/p>\n\n\n\n

1. Enable mod_remoteip<\/code> Module<\/h3>\n\n\n\n

First, ensure that the mod_remoteip<\/strong><\/code> module is enabled. This module allows Apache to use the X-Forwarded-For<\/strong><\/code> or similar headers to determine the real client IP address.<\/p>\n\n\n\n

On Debian\/Ubuntu, you can enable the module with:<\/p>\n\n\n\n

sudo a2enmod remoteip<\/code><\/code><\/pre>\n\n\n\n
On Red Hat\/CentOS, you might need to manually add it to your configuration if it’s not already available.<\/p>\n\n\n\n
2. Configure mod_remoteip<\/code><\/h3>\n\n\n\n
Next, configure the module in your Apache configuration file (typically located at \/etc\/apache2\/apache2.conf<\/strong><\/code> or \/etc\/httpd\/conf\/httpd.conf<\/strong><\/code>).<\/p>\n\n\n\n
Add the following configuration:<\/p>\n\n\n\n
<IfModule remoteip_module>\n    RemoteIPHeader CF-Connecting-IP\n    RemoteIPTrustedProxy 127.0.0.1 ::1\n<\/IfModule><\/code><\/code><\/pre>\n\n\n\n
Explanation:<\/h3>\n\n\n\n
    \n
  • RemoteIPHeader CF-Connecting-IP<\/strong><\/code>: This directive tells Apache to use the CF-Connecting-IP<\/strong><\/code> header provided by Cloudflare to determine the real IP address of the client.<\/li>\n\n\n\n
  • RemoteIPTrustedProxy 127.0.0.1 ::1<\/strong><\/code>: This directive specifies trusted proxies. Typically, you would include your internal IPs here. 127.0.0.1<\/strong><\/code> and ::1<\/strong><\/code> represent localhost in IPv4 and IPv6, respectively. You might need to add your Cloudflare IP ranges here as well if necessary.<\/li>\n<\/ul>\n\n\n\n
    3. Restart Apache<\/h3>\n\n\n\n
    After making these changes, restart Apache to apply the configuration.<\/p>\n\n\n\n
    On Debian\/Ubuntu:<\/p>\n\n\n\n
    sudo systemctl restart apache2<\/code><\/code><\/pre>\n\n\n\n
    On Red Hat\/CentOS:<\/p>\n\n\n\n
    sudo systemctl restart httpd<\/code><\/code><\/pre>\n\n\n\n
    Additional Configuration (Optional)<\/h3>\n\n\n\n
    If you also want to log the original client IP in your Apache logs, you can update the LogFormat directive:<\/p>\n\n\n\n
    LogFormat \"%a %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined<\/code><\/code><\/pre>\n\n\n\n
    In this format:<\/p>\n\n\n\n
      \n
    • %a<\/strong><\/code> logs the client IP address.<\/li>\n<\/ul>\n\n\n\n
      Ensure that you are using this LogFormat<\/strong><\/code> in your CustomLog<\/strong><\/code> directive:<\/p>\n\n\n\n
      CustomLog ${APACHE_LOG_DIR}\/access.log combined<\/code><\/code><\/pre>\n\n\n\n
      Conclusion<\/h3>\n\n\n\n
      By enabling and configuring the mod_remoteip<\/strong><\/code> module to use the CF-Connecting-IP<\/strong><\/code> header, you ensure that Apache correctly identifies and logs the real client IP address behind the Cloudflare proxy. This configuration is essential for accurate client identification and logging.<\/p>\n","protected":false},"excerpt":{"rendered":"
      5,596 Views To set the HTTP_CF_CONNECTING_IP header in the Apache HTTP Server configuration, you need to ensure that the header from Cloudflare is correctly forwarded to your application as the client’s IP address. This is commonly done using the mod_remoteip module in Apache. Here’s how you can do it: 1. Enable mod_remoteip Module First, ensure […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[73],"tags":[],"class_list":["post-8477","post","type-post","status-publish","format-standard","hentry","category-cloudflare-cdn"],"_links":{"self":[{"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/8477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/comments?post=8477"}],"version-history":[{"count":2,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/8477\/revisions"}],"predecessor-version":[{"id":8479,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/8477\/revisions\/8479"}],"wp:attachment":[{"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/media?parent=8477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/categories?post=8477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/tags?post=8477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}