Full details on the topic.
# Real ip resolution as the right way
The right way is to set a real-ip resolution at server levels
- Nginx (with [http_realip_module][1])
- Apache (with [mod_remoteip module][2])
- Or both Nginx and Apache, in a multi-proxy setup (Using both of the above)
The benefit of that. Is having the whole stack works naturally without modifications and the whole stack. Also if you make modifications to your stack. Things will remain to work without needing to re-setup.
- Apache, and all its modules
- App and framework and all libraries behind Apache
- Same thing for nginx
- In short the whole stack. Variables are defined at every stack or layer level. And depending on the layers above them.
Also, The usage of such `real-ip` modules adds `trust security`.
- Only the defined trusted ips will be used to set the real-ip.
# Cloudflare module deprecated
As by Cloudflare doc. The Old Cloudflare module is deprecated. And you have to use Apache and Nginx-specific specialized modules.\
https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/ π₯ a good read.
# Details explaining answer with examples
My answer here shows a full example and goes into explaining the details, It's long and detailed\
π₯π₯ https://stackoverflow.com/a/76845593/7668448 π₯π₯
Points
- Two sides deal
- One side set headers (Proxy)
- One side resolves using the headers and set real-ip (overriding internal variables)
- Right way. Because it allows all stacks defaults to work naturally
- What does setting real-ip mean (Nginx, Apache, ....)
- Cloudflare => Nginx => Apache situation example
- Proxy side (Nginx example)
- Why we should use real-ip module
- Trust security
- Details about all elements
- real-ip module
- X-Forward-for header and how it works
- `$remote_addr` variable
- `$proxy_add_x_forwarded_for` variable
- Usual used Headers
- Setting headers
- π₯ Apache Side π₯.
- `mod_remoteip` module
- whole details about setting up the configuration
- Setting real-ip, vs just Logging headers
- Some header debugging tips (Apache and nginx)
- Bonus: Automating trust IP lists update π₯π₯π₯π₯π₯π₯π₯π₯π₯π₯π₯π₯
[1]: https://nginx.org/en/docs/http/ngx_http_realip_module.html
[2]: https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
# Real ip resolution as the right way
The right way is to set a real-ip resolution at server levels
- Nginx (with [http_realip_module][1])
- Apache (with [mod_remoteip module][2])
- Or both Nginx and Apache, in a multi-proxy setup (Using both of the above)
The benefit of that. Is having the whole stack works naturally without modifications and the whole stack. Also if you make modifications to your stack. Things will remain to work without needing to re-setup.
- Apache, and all its modules
- App and framework and all libraries behind Apache
- Same thing for nginx
- In short the whole stack. Variables are defined at every stack or layer level. And depending on the layers above them.
Also, The usage of such `real-ip` modules adds `trust security`.
- Only the defined trusted ips will be used to set the real-ip.
# In case of behind Cloudflare and module deprecated
As by Cloudflare doc. The Old Cloudflare module is deprecated. And you have to use Apache and Nginx-specific specialized modules.\
https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/ π₯ a good read.
# Details explaining answer with examples
My answer here shows a full example and goes into explaining the details, It's long and detailed\
π₯π₯ https://stackoverflow.com/a/76845593/7668448 π₯π₯
- π₯Apache sideπ₯ contains info about how to set things in Apache. Otherwise, you'll get a general sense about any type of server.
Points
- Two sides deal
- One side set headers (Proxy)
- One side resolves using the headers and set real-ip (overriding internal variables)
- Right way. Because it allows all stacks defaults to work naturally
- What does setting real-ip mean (Nginx, Apache, ....)
- Cloudflare => Nginx => Apache situation example
- Proxy side (Nginx example)
- Why we should use real-ip module
- Trust security
- Details about all elements
- real-ip module
- X-Forward-for header and how it works
- `$remote_addr` variable
- `$proxy_add_x_forwarded_for` variable
- Usual used Headers
- Setting headers
- π₯ Apache Side π₯. π₯<=============================π₯
- `mod_remoteip` module
- whole details about setting up the configuration
- Setting real-ip, vs just Logging headers
- Some header debugging tips (Apache and nginx)
[1]: https://nginx.org/en/docs/http/ngx_http_realip_module.html
[2]: https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
