{"id":69,"date":"2024-08-28T02:35:17","date_gmt":"2024-08-28T02:35:17","guid":{"rendered":"https:\/\/tieninsights.com\/?p=69"},"modified":"2024-08-28T02:35:17","modified_gmt":"2024-08-28T02:35:17","slug":"show-real-client-ips-when-use-litespeed-cloudflare","status":"publish","type":"post","link":"https:\/\/tieninsights.com\/?p=69","title":{"rendered":"Show Real Client IPs when use LiteSpeed + Cloudflare"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">To get real visitors IPs for access control and traffic analysis while using proxy servers, e.g. Cloudflare.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Since OpenLiteSpeed admin panel is not available along with ispmanager 6 installed on the same server, you need to set up directive for option \u201c<strong>Use Client IP in Header<\/strong>\u201d manually in the web server\u2019s configuration file \u201c<strong>\/usr\/local\/lsws\/conf\/httpd-config.conf<\/strong>\u201d.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The directive \u201c<strong>useIpInProxyHeader<\/strong>\u201d specifies whether to use the IP address listed in the \u201c<strong>X-Forwarded-For<\/strong>\u201d, like the option \u201c<strong>Use Client IP in Header<\/strong>\u201d does. The directive is not set up by default if the web server was installed via ispmanager 6 or its installation script.<br>It is recommended to add the directive \u201c<strong>useIpInProxyHeader<\/strong>\u201d after \u201c<strong>showVersionNumber<\/strong>\u201d, e.g.:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mime\tconf\/mime.properties\nshowVersionNumber\t0\nuseIpInProxyHeader\t1\nadminEmails\troot@localhost<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The directive has next possible values:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>0 &#8211; disabled<\/li>\n\n\n\n<li>1 &#8211; enabled<\/li>\n\n\n\n<li>2 &#8211; trusted IP Only<\/li>\n\n\n\n<li>3 &#8211; keep Header from trusted IP<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">It is not recommended to set value \u201c<strong>1<\/strong>\u201d, because it allows clients to spoof IPs with the &#8220;<strong>X-Forwarded-For<\/strong>&#8221; header that is sent to CloudFlare.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To restore real visitor IPs, set the directive values as \u201c<strong>2<\/strong>\u201d and then add trusted IPs or\/and subnets to the trusted list into the \u201c<strong>accessControl<\/strong>\u201d section within the \u201c<strong>allow<\/strong>\u201d rule.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">IP subnets must be added in a comma-separated list appending a T (for \u201cTrusted\u201d) to the end of each IP, like so:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>accessControl {\n\tallow ALL, 125.67.22.0\/24T, 19.76.213.2\/32T\n}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">service lsws restart<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To get real visitors IPs for access control and traffic analysis while using proxy servers, e.g. Cloudflare. Since OpenLiteSpeed admin panel is not available along with ispmanager 6 installed on the same server, you need to set up directive for option \u201cUse Client IP in Header\u201d manually in the web server\u2019s configuration file \u201c\/usr\/local\/lsws\/conf\/httpd-config.conf\u201d. The &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"Show Real Client IPs when use LiteSpeed + Cloudflare\" class=\"read-more button\" href=\"https:\/\/tieninsights.com\/?p=69#more-69\" aria-label=\"Read more about Show Real Client IPs when use LiteSpeed + Cloudflare\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-69","post","type-post","status-publish","format-standard","hentry","category-uncategorized","no-featured-image-padding"],"_links":{"self":[{"href":"https:\/\/tieninsights.com\/index.php?rest_route=\/wp\/v2\/posts\/69","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tieninsights.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tieninsights.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tieninsights.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tieninsights.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=69"}],"version-history":[{"count":1,"href":"https:\/\/tieninsights.com\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions"}],"predecessor-version":[{"id":70,"href":"https:\/\/tieninsights.com\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions\/70"}],"wp:attachment":[{"href":"https:\/\/tieninsights.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=69"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tieninsights.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=69"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tieninsights.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=69"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}