Incorrect IP addresses are logged by Plesk behind a Cloudflare or Google Cloud Load Balancing

Follow

Comments

8 comments

  • Avatar
    Emanuel Schiendorfer

    Now it's working for me... You have to use the load balancer config, even if you don't use cloudflare load balancer... AND only use the load balancer config. Copying both leads to an error as the line 

    real_ip_header CF-Connecting-IP;

    is duplicated. Pretty obvious, but if you just copy paste, you might run into it ^^

    0
    Comment actions Permalink
  • Avatar
    Stefan Yakubov

    Hello, Q

    Thank you for the feedback. `-L` option was added to the curl command in script so it'll follow redirection from now on.

    0
    Comment actions Permalink
  • Avatar
    Mohd Yaakob

    when i execute cf.sh my server still log cloudflare ip. i check on php info i cant find

    $_SERVER['CF_CONNECTING_IP']

    i just find

    $_SERVER['HTTP_X_FORWARDED_FOR']

    That why i change a little to cf.sh script.

    0
    Comment actions Permalink
  • Avatar
    Mohd Yaakob

    I change this code on line 21 from

    sed -i '1ireal_ip_header CF-Connecting-IP' $CFTEMP

    To

    sed -i '1ireal_ip_header X-Forwarded-For' $CFTEMP

    and work fine to me.

    0
    Comment actions Permalink
  • Avatar
    Stefan Yakubov

    Hi, Mohd Yaakob

    Could you clarify the conditions, when that change in the script is necessary?

    Out of the box on staging environment with CloudFlare-proxied domain I did not encounter issues.

    0
    Comment actions Permalink
  • Avatar
    Q

    This script at https://raw.githubusercontent.com/plesk/kb-scripts/master/cf-nginx-ip-passthrough/cf.sh appears to have stopped working over the past 24 hours. This causes the script to halt silently, disabling the Cloudflare nginx configuration.

    Debugging it shows that it is failing with the CURL call. Perhaps there has been a change at Cloudflare...

    Adding a trailing slash (/) after the URL for both IPv4 and IPv6 requests in the curl commands seems to fix the issue. Change the following lines in the cf.sh script:

    Change from:

    curl -sS https://www.cloudflare.com/ips-v4 >$cfTemp && printf "\n" >> $cfTemp
    curl -sS https://www.cloudflare.com/ips-v6 >>$cfTemp

    to:

    curl -sS https://www.cloudflare.com/ips-v4/ >$cfTemp && printf "\n" >> $cfTemp
    curl -sS https://www.cloudflare.com/ips-v6/ >>$cfTemp

    Then remove the cf-stop file and rerun the script:

    rm /etc/nginx/conf.d/cf-stop && bash cf.sh
    0
    Comment actions Permalink
  • Avatar
    Emanuel Schiendorfer

    The solution for nginx (single domain) is not working:

    If I just add real_ip_header CF-Connecting-IP; The IP is still wrong...

    If I try to add the whole code given, I get an error:

    Invalid nginx configuration: nginx: [emerg] "real_ip_header" directive is duplicate in /var/www/vhosts/system/something/conf/vhost_nginx.conf:27 nginx: configuration file /etc/nginx/nginx.conf test failed
    0
    Comment actions Permalink
  • Avatar
    Stefan Yakubov

    Mohd Yaakob

    It's not related to PHP anyhow.

    Unless custom configuration is being applied, provided script does work out of the box as is.

    In case it does the trick in your case, thanks for sharing. It might be useful for some.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request