Incorrect IP addresses are logged by Plesk behind a Cloudflare or Google Cloud Load Balancing

Follow

Comments

4 comments

  • Avatar
    Chris D (Edited )

    Hello Mikhail,

    having exactly this issue now.Having Apache and Nginx Recerse Proxy together with CF Free. Moving to a new host now, and have there the CF Server Shield Extension not available in the Web-catalog anymore, why is the CF Extension not available, this would fix the issue directly?

    On my old Host i have the CF Server Shield Extension still installed, when i check there i have the File cloudflare.conf with the following entries:

    # $remote_addr rewriting in case of NGINX behind CloudFlare.
    # See also mod_cloudflare Apache module configuration.

    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;

    real_ip_header CF-Connecting-IP;

     

    As you can see on the bottom of the File is the entry real_ip_header CF-Connecting-IP; included., is this correct?

    Can you please let me know if really just the Ngix Conf has to be adapted, or as well Apache Config? Also what is with Fail 2 Ban or Firewall, WAF etc. must the CF Ips excluded there as well, is there a manual somewhere??

    I really dont understand why the CF Extension is not available in the Webcatalog anymore, and i guess im not the only Plesk User with Cloudflare Free Account, having this issues...

    Is there the possibility to download / install the last CF Server Shield Extension??

    Thx

    Chris

    0
    Comment actions Permalink
  • Avatar
    Mikhail Shport

    Hello Chris,

    The ServerShield by Cloudflare extension is not available for installation anymore. You may read additional details here:

    Why ServerShield by CloudFlare is not available for installation or purchase in Plesk?

    In general, it should be enough to add the Additional Directives for nginx. However, you may check it with Cloudflare support or a Network administrator.

    0
    Comment actions Permalink
  • Avatar
    ray (Edited )

    Hi, I have Plesk set up as default as Nginx ( Reverse Proxy Server ) > Apache.
    When following the guide for the Server-wide solution with Nginx enabled I get errors:
    When I run the provided script cf.sh with the Plesk Scheduled Tasks I get this error: 

    Nginx is not in use on this Plesk server. Exiting... /cf.sh: line 7: /usr/local/psa/admin/bin/nginxmng: No such file or directory.

    When I run the provided script in SSH /root/cf.sh I get this error:

    # /root/cf.sh
    Previous execution of the script failed!
    There is /etc/nginx/conf.d/cf-stop
    Review the script functional and remove the /etc/nginx/conf.d/cf-stop
    The script execution was halted.

    How can I fix this?

    0
    Comment actions Permalink
  • Avatar
    Sebastian Suárez (Edited )

    The documentation is not complete because:

    Server-wide solution with Apache only only has the steps for Centos, in Debian for example there is no

    /etc/httpd/conf/httpd.conf directory.

    but:  /etc/apache2/conf-enabled

    The documentation is incomplete for Debian and Ubuntu which are the most in need of this guide as Plesk does not keep the Cloudflare module up to date.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request