Show Visitor IPs¶
When using CloudFlare CDN or other reverse proxy in front of your OpenLiteSpeed Web Server, you may see a proxy IP instead of the real IP addresses of visitors. With the changes described below, you can configure OLS to show the real visitor IP in your access logs.
This is a two step process. Be sure to complete both steps.
Use Trusted Client IPs¶
Navigate to OpenLiteSpeed WebAdmin Console > Server Configuration > General Settings. Set Use Client IP in Header to Trusted IP Only
.
It is not recommended to set Use Client IP in Header to Yes
, because it allows clients to spoof IPs with the X-Forwarded-For
header that is sent to Cloudflare.
Add Proxy IPs to Trusted List¶
Add the list of proxy IP subnets (Cloudflare's are available on their website) to Access Control > Allowed List in a comma-separated list, appending a T
(for "Trusted") to the end of each IP, like so:
ALL, 192.0.2.0/24T, 192.0.2.1/24T, 192.0.2.2/24T
Be sure to replace our example IP addresses with the correct IP subnets for your proxy.
If you have another layer of proxy set up in front of OpenLiteSpeed Web Server on the same server box (i.e. Cloudflare Railgun, nginx, or Varnish), you will also need to add that server IP to the trusted list.
Once enabled, your access logs will show the correct IP addresses and even PHP's $_SERVER['REMOTE_ADDR']
variable will contain your visitors' real IP addresses instead of a proxy IP address. This will resolve most problems that might occur when enabling reverse proxy on PHP-enabled web sites (like WordPress or vBulletin installations).
Note
Only the access log shows real visitor IPs. The error log still shows the IPs of proxy nodes. This may change in a future release.