API
The Gcore Customer Portal is being updated. Screenshots may not show the current version.
Web security
Web security
BillingCreate protected resourceUse Web Security and CDNConfigure protection settingsAdd an SSL certificateRate LimiterSet the Access PolicyDeny accessSet the X-Forward-For headerCheck reports
View eventsCreate rulesRule typesManage triggersSettings
How do I change an A record?What criteria do you analyze?I see lots of requests from several IPs. Could this be an attack?I changed my A record long time ago, but you are not filtering it. What to do?Attackers have found out my origin IP and are attacking it directly. What should I do? directly. What should I do?Who is attacking us?Will a blacklisted user get unblocked after a particular time?During a DDoS attack, we changed your IP address, but we still have problems with the performance. Why?Do you protect against attacks targeted at DNS?Can you disable the protection for some time for the entire site or certain parts of the site?How long does the service enabling take?Which web crawlers doesn't your service block?Force an IP banGet all banned IP addresses for all resourcesRenew SSL certificates
API
Chosen image
Home/Web security/

Get actual IP addresses of visitors from the X-Forward-For header

Why use the X-Forwarded-For header

When you enable Web Application Security, our servers function as a reverse proxy and filter requests to your server. By default, only our IP addresses will be visible in the access logs. If you want to obtain the actual IP addresses of your visitors, you can configure your system to retrieve the addresses from the X-Forwarded-For header using the realip module.

Configure the realip module on your server

Nginx

1. Use the ngx_http_realip_module and add two key directives: set_real_ip_from and real_ip_header.

  • The set_real_ip_from directive specifies the trusted subnets.
set_real_ip_from 9х.ххх.ххх.х/24;  
set_real_ip_from 1хх.ххх.ххх.0/24;  
set_real_ip_from 9х.ххх.ххх.х/24;

Contact the support team via email at support@gcore.com or through chat to get the up-to-date list of subnets.

  • The real_ip_header directive indicates that the IP addresses are contained in the X-Forwarded-For header.
real_ip_header X-Forwarded-For;

2. (Optional) Add $http_x_forwarded_for variable in the log_format directive to display visitors' real IP addresses in access logs.

3. Restart Nginx.

Apache

1. Use the mod_remoteip module for configuration and several key directives to the configuration file, with minor differences depending on the OS (RHEL/CentOS or Debian/Ubuntu).

  • The following directive specifies that the remoteip module should be loaded:
# LoadModule remoteip_module modules/mod_remoteip.so ()
  • The following directive indicates that the IP addresses are contained in the X-Forwarded-For header:
# RemoteIPHeader X-Forwarded-For
  • The following directives indicate that the Gcore nodes are trusted:
# RemoteIPTrustedProxy 9х.ххх.ххх.х/24;  
# RemoteIPTrustedProxy 1хх.ххх.ххх.х/24;  
# RemoteIPTrustedProxy 9х.ххх.ххх.х/24;

Contact the support team via email at support@gcore.com or through chat to get the up-to-date list of subnets.

2. Save changes.

3. Restart Apache.

Was this article helpful?

Not a Gcore user yet?

Discover the all-in-one Web security solution by Gcore

Go to the product page
Edit on GitHub