How do I restore original visitor IP with Lighttpd?

To have Lighttpd automatically rewrite the server IP for the access logs and for your application, you can follow one of the two solutions below.

If your origin only connects to the internet via IPv4:

Step 1: Open your lighttpd.conf file and add "mod_extforward" to the server.modules list. It must come after "mod_accesslog" to show the real IP in the access logs (eg- http://cl.ly/9fRX).

Step 2: Add the following code block anywhere in the lighttpd.conf file after the server modules list.

$HTTP["remoteip"] == "199.27.128.0/21" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "173.245.48.0/20" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "103.21.244.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "103.22.200.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "103.31.4.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "141.101.64.0/18" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "108.162.192.0/18" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "190.93.240.0/20" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "188.114.96.0/20" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "197.234.240.0/22" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "198.41.128.0/17" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "162.158.0.0/15" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "104.16.0.0/12" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}
$HTTP["remoteip"] == "172.64.0.0/13" {
extforward.forwarder = ( "all" => "trust" )
extforward.headers = ("CF-Connecting-IP")
}

Step 3: Restart Lighttpd.

If your origin connects to the internet with IPv6:

The Lighttpd documentation states that the field $HTTP["remoteip"] which is required for matching the remote IP ranges, does not work when IPv6 is enabled. Using the above method will not work when trying to forward IP ranges.

Here,an alternative solution to forward the original IPv6 address using Lighttpd is to trust all proxies (not recommended by Lighttpd). This can be done by: 

Step 1. Setting mod_accesslog before mod_extforward in the server.modules list 

Step 2. Adding the following lines to lighttpd.conf: 

extforward.forwarder = ( "all" => "trust" ) 
extforward.headers = ("CF-Connecting-IP")

Step 3: Restart Lighttpd.

Still not finding what you need?

The CloudFlare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk