Show Real Visitor IP while using OpenLiteSpeed
Since OpenLiteSpeed admin panel is not available along with ispmanager 6 installed on the same server, you need to set up directive for option «Use Client IP in Header»manually in the web server’s configuration file /usr/local/lsws/conf/httpd-config.conf.
The directive useIpInProxyHeaderspecifies whether to use the IP address listed in the «X-Forwarded-For», like the option «Use Client IP in Header»does. The directive is not set up by default if the web server was installed via ispmanager 6 or its installation script.
It is recommended to add the directive useIpInProxyHeaderafter showVersionNumber, e.g.:
mime conf/mime.properties
showVersionNumber 0
useIpInProxyHeader 1
adminEmails root@localhost
The directive has next possible values:
- 0 - disabled
- 1 - enabled
- 2 - trusted IP Only
- 3 - keep Header from trusted IP
It is not recommended to set value 1, because it allows clients to spoof IPs with the «X-Forwarded-For»header that is sent to CloudFlare.
To restore real visitor IPs, set the directive values as 2and then add trusted IPs or/and subnets to the trusted list into the accessControlsection within the allowrule.
IP subnets must be added in a comma-separated list appending a T (for «Trusted») to the end of each IP, like so:
accessControl {
allow ALL, 125.67.22.0/24T, 19.76.213.2/32T
}