OpenLiteSpeed is a high-performance open source web server developed by LiteSpeed Technologies. It is designed to provide fast and efficient web request processing and can be used for hosting dynamic and static web applications. In this article, let's look at why it is important to display the real IP address of visitors in OpenLiteSpeed and how to do it.
Displaying the real IP address of visitors in OpenLiteSpeed is important for several reasons:
It is also important for access control information for specific IP addresses and for analyzing traffic when using a proxy server such as Cloudflare or DDoS-GUARD. To correctly display the real IP address, proxy servers and load balancers, if they are used in the infrastructure, must be properly configured.
The web interface of the OpenLiteSpeed web server is not available when using ispmanager 6, you can change the value of the "Use Client IP in Header" option only manually in the configuration file "/usr/local/lsws/conf/httpd-config.conf
".The "Use Client IP in Header" option corresponds to the "useIpInProxyHeader" directive and by default it is absent in the standard configuration when working with ispmanager 6.
mime conf/mime.properties
showVersionNumber 0
useIpInProxyHeader 1
adminEmails root@localhost
Values of the "useIpInProxyHeader" directive:
To ensure that the source IP addresses of visitors are correctly displayed in the site logs, it is sufficient to set the value to "1". However, this may not be safe, as it is possible to spoof IP addresses using the "X-Forwarded-For" header that is transmitted through the proxy server. Instead, it is recommended to set the value to "2" and add the trusted IP addresses through which proxying is done to the "allow" rule in the "accessControl" section.
The addresses should be added after the "ALL" value, separated by commas, specifying the subnet mask and adding the suffix "T", for example:
accessControl {
allow ALL, 125.67.22.0/24T, 19.76.213.2/32T
}
This completes the instructions.