Methods of payment
Telegram Bot @the_hosting_bot
Abuse
English

Site protection: restore original visitor IPs

10.04.2025, 19:26
Content:

To see the real IP addresses of site visitors, configure X-Forwarded-For decoding for networks from the list that was used when configuring the firewall. Below are examples of such settings for popular web servers.

Apache web server up to version 2.4

Change file /etc/apache2/mods-enabled/rpaf.conf, add following lines:

<IfModule rpaf_module>
  RPAFenable On
  # When enabled, take the incoming X-Host header
  # and update the virtualhost settings accordingly:
  RPAFsethostname On
  # Define which IP's are your frontend proxies that sends
  # the correct X-Forwarded-For headers:
  RPAFproxy_ips 77.220.207.0/24 45.10.240.0/24 45.10.241.0/24 45.10.242.0/24 186.2.160.0/24 186.2.164.0/24 186.2.167.0/24 186.2.168.0/24
  # Change the header name to parse from the default
  # X-Forwarded-For to something of your choice:
  # RPAFheader DDG-Connecting-IP
</IfModule>

Apache web server version 2.4 and above

  1. Deactivate mod_rpaf module by command a2dismod rpaf
  2. Activate mod_remoteip module by command a2enmod mod_remoteip
  3. Restart Apache service by command: systemctl restart apache2
  4. Create or change file /etc/apache2/conf-available/remoteip.conf, add following lines:
<IfModule remoteip_module>
  # Take the incoming X-Host header and
  # update the virtualhost settings accordingly:
  RemoteIPHeader X-Forwarded-For
  # Define which IP's are your frontend proxies that sends
  # the correct X-Forwarded-For headers:
  RemoteIPTrustedProxy 77.220.207.0/24 45.10.240.0/24 45.10.241.0/24 45.10.242.0/24 186.2.160.0/24 186.2.164.0/24 186.2.167.0/24 186.2.168.0/24
</IfModule>

Nginx web server

Add following lines to file /etc/nginx/nginx.conf in the section http:

set_real_ip_from 77.220.207.0/24;
set_real_ip_from 45.10.240.0/24;
set_real_ip_from 45.10.241.0/24;
set_real_ip_from 45.10.242.0/24;
set_real_ip_from 186.2.160.0/24;
set_real_ip_from 186.2.164.0/24;
set_real_ip_from 186.2.167.0/24;
set_real_ip_from 186.2.168.0/24;

The contents of X-Forwarded-For can be forged, but the last address in the chain will always be the real IP from which the request came to our network. This address is also transmitted in the DDG-Connecting-IP header.

The X-Real-IP header is proxied unchanged and may contain false information.
Do not use it for security-related functions.

Other articles of the section

31.01.2023
Site protection: block/allow IP lists
Site protection: block/allow IP lists
31.01.2023
Site protection: сaching and CDN
Site protection: сaching and CDN
31.01.2023
Site protection: firewall settings
Site protection: firewall settings
31.01.2023
Site protection: DNS settings
Site protection: DNS settings
North Macedoninan VPS servers: 30% off with this promo code!
Apply the discount by inserting the promo code in the special field at checkout:
Log In
Valid up to and including 27.10.2025, 23:59 (UTC+3)