How to get the real IP address using CloudFlare and nginx CWP – CentOS Web Panel

by Sandy

In this tutorial we’ll be configuring Cloudflare real ip under nginx server, when using cloudflare protection on your websites the visitor’s real ip doesn’t shows up instead it will show the cloudflare’s ip, since cloudflare act as reverse proxy and hence visitor’s ip will be masked and replaced with cloudflare ip and It is difficult to find abuser, spammers when you want to block them.

Lets get started with the simple configuration For enabling cloudflare real ip:

Ensure you’ve nginx real ip module installed you can verify via this command :

nginx -V 2>&1 | grep -o with-http_realip_module

it will output :

[root@mysterydata]# nginx -V 2>&1 | grep -o with-http_realip_module
with-http_realip_module

that means real ip module is already installed and if you get blank output then you need to install it, for cwp/centos, ubuntu it is already installed by default

To enable clouflare real ip config navigate to /etc/nginx/ and edit the nginx.conf file :

nano /etc/nginx/nginx.conf

and add this config under http {  (before } ) :

    # Cloudflare Real IP Nginx
    set_real_ip_from   103.21.244.0/22;
    set_real_ip_from   103.22.200.0/22;
    set_real_ip_from   103.31.4.0/22;
    set_real_ip_from   104.16.0.0/12;
    set_real_ip_from   108.162.192.0/18;
    set_real_ip_from   131.0.72.0/22;
    set_real_ip_from   141.101.64.0/18;
    set_real_ip_from   162.158.0.0/15;
    set_real_ip_from   172.64.0.0/13;
    set_real_ip_from   173.245.48.0/20;
    set_real_ip_from   188.114.96.0/20;
    set_real_ip_from   190.93.240.0/20;
    set_real_ip_from   197.234.240.0/22;
    set_real_ip_from   198.41.128.0/17;
    set_real_ip_from   2400:cb00::/32;
    set_real_ip_from   2606:4700::/32;
    set_real_ip_from   2803:f800::/32;
    set_real_ip_from   2405:b500::/32;
    set_real_ip_from   2405:8100::/32;
    set_real_ip_from   2c0f:f248::/32;
    set_real_ip_from   2a06:98c0::/29;
    real_ip_header     CF-Connecting-IP;

and restart nginx service :

service nginx restart

example nginx config with cloudflare real ip config :

# Nginx config starts here
user nobody;
worker_processes auto;
worker_rlimit_nofile 20480;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
	worker_connections 4096; # increase for busier servers
	use epoll; # you should use epoll for Linux kernels 2.6.x
	multi_accept on;
}
http {
	open_file_cache max=5000 inactive=30s;
	open_file_cache_valid 120s;
	open_file_cache_min_uses 2;
	open_file_cache_errors off;
	open_log_file_cache max=1024 inactive=30s min_uses=2;
	server_names_hash_max_size 10240;
	server_names_hash_bucket_size 1024;
	include mime.types;
	default_type application/octet-stream;
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 20;
	gzip on;
	gzip_vary on;
	gzip_disable "MSIE [1-6]\.";
	gzip_proxied any;
	gzip_http_version 1.1;
	gzip_min_length 1000;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_types text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/xml+rss text/javascript application/atom+xml application/javascript application/json;
	ignore_invalid_headers on;
	client_header_timeout 3m;
	client_body_timeout 3m;
	client_max_body_size 200m;
	send_timeout 3m;
	connection_pool_size 256;
	client_header_buffer_size 4k;
	large_client_header_buffers 4 32k;
	request_pool_size 4k;
	output_buffers 4 32k;
	postpone_output 1460;
	proxy_temp_path /tmp/nginx_temp;
	log_format bytes_log "$msec $bytes_sent .";
	# Include site configurations
	include /etc/nginx/conf.d/*.conf;
    # Cloudflare Real IP Nginx
    set_real_ip_from   103.21.244.0/22;
    set_real_ip_from   103.22.200.0/22;
    set_real_ip_from   103.31.4.0/22;
    set_real_ip_from   104.16.0.0/12;
    set_real_ip_from   108.162.192.0/18;
    set_real_ip_from   131.0.72.0/22;
    set_real_ip_from   141.101.64.0/18;
    set_real_ip_from   162.158.0.0/15;
    set_real_ip_from   172.64.0.0/13;
    set_real_ip_from   173.245.48.0/20;
    set_real_ip_from   188.114.96.0/20;
    set_real_ip_from   190.93.240.0/20;
    set_real_ip_from   197.234.240.0/22;
    set_real_ip_from   198.41.128.0/17;
    set_real_ip_from   2400:cb00::/32;
    set_real_ip_from   2606:4700::/32;
    set_real_ip_from   2803:f800::/32;
    set_real_ip_from   2405:b500::/32;
    set_real_ip_from   2405:8100::/32;
    set_real_ip_from   2c0f:f248::/32;
    set_real_ip_from   2a06:98c0::/29;
    real_ip_header     CF-Connecting-IP;
}

If this post helps you in any way please consider a donation

Donate with PayPal :

md-donate

Donate with Paytm :

md-donate

You may also like

3
Leave a Reply

avatar
2 Comment threads
1 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
SandyHoangTnow Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Tnow
Guest
Tnow

I just noticed that on CWP version: 0.9.8.854. It’s automatically done already. In nginx.conf, I saw this toward the end:
include /etc/nginx/cloudflare.inc;

In cloudflare.inc is the list.
# Cloudflare https://www.cloudflare.com/ips
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
#set_real_ip_from 2400:cb00::/32;
#set_real_ip_from 2606:4700::/32;
#set_real_ip_from 2803:f800::/32;
#set_real_ip_from 2405:b500::/32;
#set_real_ip_from 2405:8100::/32;
#set_real_ip_from 2c0f:f248::/32;
#set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;

Hoang
Guest
Hoang

I use CWP with apche + nginx model. Will this tuts still available?