1. Home
  2. Troubleshooting
  3. Restore Original Visitors IP
Searching...

Restore Original Visitors IP

Contents

When using the NOC platform the visitors public IP will be masked by our own. This is a result of how reverse proxies work. In its most basic form, we intercept all incoming requests and only forward the good ones to your origin. This means your origin server will see all traffic aggregated under the NOC IP addresses.

This can be problematic for administrators. We solve this by sending the X-REAL-IP and and X-FORWARDED-FOR header in our responses. Below we provide instructions on how to configure your Apache or NGINX web server to record the real IP for each user.

Apache

The most current distro of Apache (2.4) should have the remoteIP module installed by default.

1. Enable mod_remoteip by issuing the following command:

sudo a2enmod remoteip

2. Update the site configuration to include RemoteIPHeader X-Real-IP, e.g. /etc/apache2/sites-available/000-default.conf

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName remoteip.andy.support
RemoteIPHeader X-Real-IP
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

3. Update combined LogFormat entry in apache.conf, replacing %h with %a in /etc/apache2/apache2.conf. For example, if your current LogFormat appeared as follows

LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

4. Define trusted proxy addresses by creating /etc/apache2/conf-available/remoteip.conf by entering the following code and NOC IPs:

RemoteIPHeader X-Real-IP
RemoteIPTrustedProxy 144.202.10.148/32;
RemoteIPTrustedProxy 149.202.10.148/32;
...
...
...
RemoteIPTrustedProxy 147.75.92.151/32;
RemoteIPTrustedProxy 139.180.171.116/32;
RemoteIPTrustedProxy 181.215.183.31/32;

5. Enable Apache configuration:

sudo a2enconf remoteip
Enabling conf remoteip.

To activate the new configuration, you need to run:

service apache2 reload

6. Test Apache configuration

sudo apache2ctl configtest
Syntax OK

7. Restart Apache

sudo systemctl restart apache2

NGINX

With NGINX you are going to leverage the ngx_http_realip_module. This is already enabled by default, so all you have to do is update your configuration file.

1. Update nginx.conf file with the following section (using the NOC IPs)

set_real_ip_from 144.202.10.148/32;
set_real_ip_from 149.202.10.148/32;
...
...
...
set_real_ip_from 147.75.92.151/32;
set_real_ip_from 139.180.171.116/32;
set_real_ip_from 181.215.183.31/32;


real_ip_header X-Real-IP;


#or
#real_ip_header X-Forwarded-For;

7. Restart NGINX

sudo systemctl restart nginx
Updated on December 8, 2023
Tagged:

Was this article helpful?

Yes No

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Email: support@noc.org

Leave a Comment