To get real visitors IPs for access control and traffic analysis while using proxy servers, e.g. Cloudflare.
Since OpenLiteSpeed admin panel is not available along with ispmanager 6 installed on the same server, you need to set up directive for option “Use Client IP in Header” manually in the web server’s configuration file “/usr/local/lsws/conf/httpd-config.conf”.
The directive “useIpInProxyHeader” specifies whether to use the IP address listed in the “X-Forwarded-For”, like the option “Use Client IP in Header” does. The directive is not set up by default if the web server was installed via ispmanager 6 or its installation script.
It is recommended to add the directive “useIpInProxyHeader” after “showVersionNumber”, e.g.:
mime conf/mime.properties
showVersionNumber 0
useIpInProxyHeader 1
adminEmails root@localhost
The directive has next possible values:
- 0 – disabled
- 1 – enabled
- 2 – trusted IP Only
- 3 – keep Header from trusted IP
It is not recommended to set value “1”, because it allows clients to spoof IPs with the “X-Forwarded-For” header that is sent to CloudFlare.
To restore real visitor IPs, set the directive values as “2” and then add trusted IPs or/and subnets to the trusted list into the “accessControl” section within the “allow” rule.
IP subnets must be added in a comma-separated list appending a T (for “Trusted”) to the end of each IP, like so:
accessControl {
allow ALL, 125.67.22.0/24T, 19.76.213.2/32T
}
service lsws restart