Restore Original Visitors IP

When using the NOC platform the visitors public IP will be masked by our own. This is a result of how reverse proxies work. In it's most basic form, we intercept all incoming requests and only forward the good ones to your origin. This means your origin server will see all traffic aggregated under the NOC IP addresses.

 

This can be problematic for administrators. We solve this by sending the X-REAL-IP and and X-FORWARDED-FOR header in our responses. Below we provide instructions on how to configure your Apache or NGINX web server to record the real IP for each user.

Apache

 

The most current distro of Apache (2.4) should have the remoteIP  module installed by default.

1. Enable mod_remoteip by issuing the following command:

 

sudo a2enmod remoteip

2. Update the site configuration to include RemoteIPHeader X-Real-IP, e.g. /etc/apache2/sites-available/000-default.conf

 

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName remoteip.andy.support
RemoteIPHeader X-Real-IP
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

3. Update combined LogFormat entry in apache.conf, replacing %h with %a in /etc/apache2/apache2.conf. For example, if your current LogFormat appeared as follows

 

LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

 

4. Define trusted proxy addresses by creating /etc/apache2/conf-available/remoteip.conf by entering the following code and NOC IPs:

RemoteIPHeader X-Real-IP
RemoteIPTrustedProxy 144.202.10.148/32;
RemoteIPTrustedProxy 149.202.10.148/32;
...
...
...
RemoteIPTrustedProxy 147.75.92.151/32;
RemoteIPTrustedProxy 139.180.171.116/32;
RemoteIPTrustedProxy 181.215.183.31/32;

 

5. Enable Apache configuration:

 

sudo a2enconf remoteip
Enabling conf remoteip.

To activate the new configuration, you need to run:

 

service apache2 reload

 

6. Test Apache configuration:

 

sudo apache2ctl configtest
Syntax OK

 

7. Restart Apache:

 

sudo systemctl restart apache2

NGINX

 

With NGINX you are going to leverage the ngx_http_realip_module. This is already enabled by default, so all you have to do is update your configuration file.

 

1. Update nginx.conf file with the following section (using the NOC IPs):

 

set_real_ip_from 144.202.10.148/32;
set_real_ip_from 149.202.10.148/32;
...
...
...
set_real_ip_from 147.75.92.151/32;
set_real_ip_from 139.180.171.116/32;
set_real_ip_from 181.215.183.31/32;

real_ip_header X-Real-IP;

#or
#real_ip_header X-Forwarded-For;

 

7. Restart NGINX:

 

sudo systemctl restart nginx

 

Was this article helpful?

Related Articles