Logs nat network, not public ip for log

Hello!

How can it be resolved that the user’s IP is displayed in the apache log and error log files? Currently, the server is operating from a natolt network (due to ddos protection behind vpn). and write the vpns address. example:

website.log: 192.168.80.1 - - [31/Jul/2022:01:16:14 +0200] “GET /19477/ HTTP/1.0” 404 121784

website_error.log:

[Sun Jul 31 00:41:35.548262 2022] [access_compat:error] [pid 2737475:tid 140163690780416] [client 192.168.80.1:51272] AH01797: client denied by server configuration:

Please help?

Google set_real_ip_from nginx

This?:

Yes …

It doesn’t work, in the domain log of apache2, it still says 192.168.80.1 and there are times when it writes cloudflare’s ip.

my system:

Hestia Control Panel:

v1.6.5 Operating System:

Debian 11.4 (x86_64)

my conf:

/home/example-1/conf/web/example.hu/nginx.conf

#=========================================================================#

Default Web Domain Template

DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS

Web domains and SSL Certicates — Hestia Control Panel documentation

#=========================================================================#

server {
listen 192.168.80.1:80;
server_name example.hu www.example.hu;

include /home/example-1/conf/web/example.hu/nginx.forcessl.conf*;

location / {
    proxy_pass      http://192.168.80.1:8080;
	set_real_ip_from  192.168.80.1;

    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
        root           /home/example-1/web/example.hu/public_html;
        access_log     /var/log/apache2/domains/example.hu.log combined;
        access_log     /var/log/apache2/domains/example.hu.bytes bytes;
        expires        max;
        try_files      $uri @fallback;
    }
}

location /error/ {
    alias   /home/example-1/web/example.hu/document_errors/;
}

location @fallback {
    proxy_pass      http://192.168.80.1:8080;
}

location ~ /\.(?!well-known\/|file) {
   deny all; 
   return 404;
}

include /home/example-1/conf/web/example.hu/nginx.conf_*;
include "/etc/nginx/vhosts.d/cloudflare.conf";

}

cf:

/etc/nginx/vhosts.d/cloudflare.conf

real_ip_header CF-Connecting-IP;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;

/var/log/apache2/domains/example.hu.log

192.168.80.1 - - [02/Aug/2022:23:59:47 +0200] "GET
77.102.31.219 - - [02/Aug/2022:23:59:47 +0200] "GET
192.168.80.1 - - [02/Aug/2022:23:59:48 +0200] "GET
77.102.31.219 - - [02/Aug/2022:23:59:49 +0200] "GET

Nginx has already been restarted, it doesn’t help!

You’re looking at apache logs, so you probably want to delve into the apache config to solve this problem. From memory, look at the rpaf and remoteip modules, and then you might also need to alter the apache logging directive in apache.conf
Hope this points you in the right direction

1 Like

thanks: How to get X-Forwarded-For IP addresses in Apache Web Server - Globo.Tech

Yes working! :slight_smile:

1 Like

I’ve had so many problems that I have this:
86.

my example public ip: 81.157.55.48

81.157.55.48 - - [03/Aug/2022:16:44:40 +0200] “GET /15173/ HTTP/1.0” 404 121830 “https://example.hu/15173/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0”

But only for this 1, it does not return the ip, but enters our public ip address, which is a big problem, because it floods the website and apache2 stops after a while.

I’ve noticed that it probably won’t return the ip address unless your request runs into a 404 error. If this helps as information.