Site protection: restore original visitor IPs

10.04.2025, 19:26

To see the real IP addresses of site visitors, configure X-Forwarded-For decoding for the networks in the list that was used when configuring the firewall. Below are examples of such settings for popular web servers.

Apache web server up to version 2.4

Edit the file /etc/apache2/mods-enabled/rpaf.conf and add the following lines:

<IfModule rpaf_module>
  RPAFenable On
  # When enabled, take the incoming X-Host header
  # and update the virtualhost settings accordingly:
  RPAFsethostname On
  # Define which IPs are your frontend proxies that send
  # the correct X-Forwarded-For headers:
  RPAFproxy_ips 77.220.207.0/24 45.10.240.0/24 45.10.241.0/24 45.10.242.0/24 186.2.160.0/24 186.2.164.0/24 186.2.167.0/24 186.2.168.0/24
  # Change the header name to parse from the default
  # X-Forwarded-For to something of your choice:
  # RPAFheader DDG-Connecting-IP
</IfModule>

Apache web server version 2.4 and above

  1. Deactivate the mod_rpaf module with the command a2dismod rpaf
  2. Activate the mod_remoteip module with the command a2enmod remoteip
  3. Restart the Apache service with the command systemctl restart apache2
  4. Create or edit the file /etc/apache2/conf-available/remoteip.conf and add the following lines:
<IfModule remoteip_module>
  # Header that carries the original visitor address:
  RemoteIPHeader X-Forwarded-For
  # Define which IPs are your frontend proxies that send
  # the correct X-Forwarded-For headers:
  RemoteIPTrustedProxy 77.220.207.0/24 45.10.240.0/24 45.10.241.0/24 45.10.242.0/24 186.2.160.0/24 186.2.164.0/24 186.2.167.0/24 186.2.168.0/24
</IfModule>

Nginx web server

Add the following lines to the http section of /etc/nginx/nginx.conf:

set_real_ip_from 77.220.207.0/24;
set_real_ip_from 45.10.240.0/24;
set_real_ip_from 45.10.241.0/24;
set_real_ip_from 45.10.242.0/24;
set_real_ip_from 186.2.160.0/24;
set_real_ip_from 186.2.164.0/24;
set_real_ip_from 186.2.167.0/24;
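set_real_ip_from 186.2.168.0/24;
# Read the visitor address from X-Forwarded-For; without this directive
# nginx falls back to its default header, X-Real-IP.
real_ip_header X-Forwarded-For;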

The contents of X-Forwarded-For can be forged, but the last address in the chain will always be the real IP from which the request came to our network. This address is also transmitted in the DDG-Connecting-IP header.

The X-Real-IP header is proxied unchanged and may contain false information.
Do not use it for security-related functions.
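
The trust rule stated above, written out for application code that has to resolve the visitor address itself. This is an added example, not code from this page or its provider; the helper names client_ip and is_trusted_proxy, the lower-case header dict, and the sample addresses used to exercise it are assumptions.

```python
import ipaddress

# Proxy networks copied from the web server configuration examples on this page.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "77.220.207.0/24", "45.10.240.0/24", "45.10.241.0/24", "45.10.242.0/24",
    "186.2.160.0/24", "186.2.164.0/24", "186.2.167.0/24", "186.2.168.0/24",
)]


def is_trusted_proxy(addr):
    """True if addr (the TCP peer) belongs to one of the proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Return the visitor address for one request (hypothetical helper).

    peer_addr: source address of the TCP connection to the origin server.
    headers:   request headers as a dict with lower-case names.
    """
    # A peer outside the proxy networks connected to the origin directly,
    # so every forwarding header it sent is untrusted: use the peer itself.
    if not is_trusted_proxy(peer_addr):
        return peer_addr
    # Only the last element of the chain was appended by the proxy network;
    # everything before it is whatever the client chose to send.
    last = headers.get("x-forwarded-for", "").split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last))
    except ValueError:
        # Header missing or malformed: fall back to the connection address.
        return peer_addr
    # X-Real-IP is deliberately never read: it is passed through unchanged.


if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges).
    forged = {"x-forwarded-for": "10.0.0.1, 203.0.113.7", "x-real-ip": "127.0.0.1"}
    print(client_ip("77.220.207.10", forged))   # request arrived via a proxy
    print(client_ip("198.51.100.23", forged))   # request bypassed the proxies
```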