Show Real Visitor IP while using OpenLiteSpeed
Why?
To get real visitors IPs for access control and traffic analysis while using proxy servers, e.g. Cloudflare.
Since OpenLiteSpeed admin panel is not available along with ispmanager 6 installed on the same server, you need to set up directive for option “Use Client IP in Header” manually in the web server’s configuration file “/usr/local/lsws/conf/httpd-config.conf”.
The directive “useIpInProxyHeader” specifies whether to use the IP address listed in the “X-Forwarded-For”, like the option “Use Client IP in Header” does. The directive is not set up by default if the web server was installed via ispmanager 6 or its installation script.
It is recommended to add the directive “useIpInProxyHeader” after “showVersionNumber”, e.g.:
mime conf/mime.properties
showVersionNumber 0
useIpInProxyHeader 1
adminEmails root@localhostThe directive has next possible values:
- 0 - disabled
- 1 - enabled
- 2 - trusted IP Only
- 3 - keep Header from trusted IP
It is not recommended to set value “1”, because it allows clients to spoof IPs with the "X-Forwarded-For" header that is sent to CloudFlare.
To restore real visitor IPs, set the directive values as “2” and then add trusted IPs or/and subnets to the trusted list into the “accessControl” section within the “allow” rule.
IP subnets must be added in a comma-separated list appending a T (for “Trusted”) to the end of each IP, like so:
accessControl {
allow ALL, 125.67.22.0/24T, 19.76.213.2/32T
}