Hello!
How can it be resolved that the user’s IP is displayed in the apache log and error log files? Currently, the server is operating from a natolt network (due to ddos protection behind vpn). and write the vpns address. example:
website.log: 192.168.80.1 - - [31/Jul/2022:01:16:14 +0200] “GET /19477/ HTTP/1.0” 404 121784
website_error.log:
[Sun Jul 31 00:41:35.548262 2022] [access_compat:error] [pid 2737475:tid 140163690780416] [client 192.168.80.1:51272] AH01797: client denied by server configuration:
eris
August 2, 2022, 5:56pm
3
Google set_real_ip_from nginx
It doesn’t work, in the domain log of apache2, it still says 192.168.80.1 and there are times when it writes cloudflare’s ip.
my system:
Hestia Control Panel:
v1.6.5 Operating System:
Debian 11.4 (x86_64)
my conf:
/home/example-1/conf/web/example.hu/nginx.conf
#=========================================================================#
Default Web Domain Template
DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS
#=========================================================================#
server {
listen 192.168.80.1:80;
server_name example.hu www.example.hu;
include /home/example-1/conf/web/example.hu/nginx.forcessl.conf*;
location / {
proxy_pass http://192.168.80.1:8080;
set_real_ip_from 192.168.80.1;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
root /home/example-1/web/example.hu/public_html;
access_log /var/log/apache2/domains/example.hu.log combined;
access_log /var/log/apache2/domains/example.hu.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/example-1/web/example.hu/document_errors/;
}
location @fallback {
proxy_pass http://192.168.80.1:8080;
}
location ~ /\.(?!well-known\/|file) {
deny all;
return 404;
}
include /home/example-1/conf/web/example.hu/nginx.conf_*;
include "/etc/nginx/vhosts.d/cloudflare.conf";
}
cf:
/etc/nginx/vhosts.d/cloudflare.conf
real_ip_header CF-Connecting-IP;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
/var/log/apache2/domains/example.hu.log
192.168.80.1 - - [02/Aug/2022:23:59:47 +0200] "GET
77.102.31.219 - - [02/Aug/2022:23:59:47 +0200] "GET
192.168.80.1 - - [02/Aug/2022:23:59:48 +0200] "GET
77.102.31.219 - - [02/Aug/2022:23:59:49 +0200] "GET
Nginx has already been restarted, it doesn’t help!
pluto
August 3, 2022, 4:33am
7
You’re looking at apache logs, so you probably want to delve into the apache config to solve this problem. From memory, look at the rpaf and remoteip modules, and then you might also need to alter the apache logging directive in apache.conf
Hope this points you in the right direction
1 Like
I’ve had so many problems that I have this:
86.
my example public ip: 81.157.55.48
81.157.55.48 - - [03/Aug/2022:16:44:40 +0200] “GET /15173/ HTTP/1.0” 404 121830 “https://example.hu/15173/ ” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0”
But only for this 1, it does not return the ip, but enters our public ip address, which is a big problem, because it floods the website and apache2 stops after a while.
I’ve noticed that it probably won’t return the ip address unless your request runs into a 404 error. If this helps as information.
system
Closed
September 5, 2022, 4:45pm
11
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.