Fasterize serves your web pages, so all requests to your origin come from the IP addresses of the Fasterize platform.
With a proxy-like service such as Fasterize, the origin server logs show the IP addresses of the Fasterize machines instead of the client IP. This makes the client IP anonymous, which makes it impossible to block abusive activity coming from a particular IP.
X-Forwarded-For and True-Client-IP
To obtain the IP address of users on your origin servers, we have added two HTTP headers to the requests sent to your server: X-Forwarded-For and True-Client-IP.
The X-Forwarded-For header is a list of IP addresses that forwarded the request. The first IP address is the IP address of the browser.
X-Forwarded-For: client, proxy1, proxy2
True-Client-IP: client
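Added example (not Fasterize code): one way an origin application can pick the client address from X-Forwarded-For, reading the header only when the connection itself comes from a trusted proxy. It goes beyond the single-client case above by handling chains with several entries; the trusted ranges are placeholder documentation networks and the function names are hypothetical.

```python
import ipaddress

# Assumption: documentation ranges standing in for the proxy platform's
# published egress addresses; replace with the real list in production.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/24", "198.51.100.0/24")]


def is_trusted(ip):
    """True if ip belongs to one of the trusted proxy ranges."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Pick the address to log or rate-limit on for one request.

    peer_addr  -- TCP source address seen by the origin server
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A connection that bypasses the proxy can send any header it likes,
    # so the header is only read when the peer itself is a trusted proxy.
    if not is_trusted(peer) or not xff_header:
        return str(peer)
    last_good = peer
    # Walk right to left: entries appended by trusted proxies are skipped,
    # and the first untrusted address is the client the proxy actually saw.
    for entry in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(entry.strip())
        except ValueError:
            return str(last_good)  # malformed entry: trust nothing left of it
        if not is_trusted(hop):
            return str(hop)
        last_good = hop
    return str(last_good)


# Constructed sample requests: (peer address, X-Forwarded-For value)
SAMPLES = [
    ("203.0.113.10", "109.190.109.118"),                     # normal, via proxy
    ("192.0.2.50", "109.190.109.118"),                       # direct, forged header
    ("203.0.113.10", "10.0.0.1, 192.0.2.77, 198.51.100.4"),  # client prepended a value
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, "|", xff, "->", client_ip(peer, xff))
```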
Test the compatibility of your server
It is possible to emulate the Fasterize connection using the Chrome ModHeader extension to insert the X-Forwarded-For header that would be sent in the request headers to your server.
For example, you can add the header X-Forwarded-For: 109.190.109.118 via the extension and order a product on your site. Then check your server logs and your back office to confirm that the IP address 109.190.109.118 was recorded correctly.
Implementation on your server
Here are some tips to correctly configure your web server to retrieve the value of the X-Forwarded-For header:
- Apache: we recommend using the RemoteIP module.
You can compile and install the module with
apxs -i -a -c mod_remoteip.c
Then add this line in your Apache vhost
RemoteIPHeader True-Client-IP
- Nginx: we recommend the use of RealIP.
- Varnish: The logic of vcl_recv must contain:
if (req.http.x-forwarded-for) {
    set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
    set req.http.X-Forwarded-For = client.ip;
}
- IIS: To configure IIS from version 8.5: https://www.iis.net/learn/get-started/whats-new-in-iis-85/enhanced-logging-for-iis85. For other versions, the Advanced Logging add-on must be installed. It can be downloaded here. Once installed on the IIS server, you will have an additional option called "Advanced Logging" in IIS.
Updating server logs
If you do not want to add a module for Apache or Nginx, you can simply add the client IP address to the logs.
For Apache, open the /etc/httpd/conf/httpd.conf file and replace the CustomLog line with:
LogFormat "%{True-Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf True-Client-IP "^.*\..*\..*\..*" forwarded
CustomLog "/usr/local/apache/domlogs/mydomain.com" combined env=!forwarded
CustomLog "/usr/local/apache/domlogs/mydomain.com" proxy env=forwarded
Apache will then choose the correct log format based on the detection of the True-Client-IP header.
Implementation on your CMS
If you cannot change the code of your server, you can modify your CMS to handle proxies:
- WordPress: Use the Proxy Real IP or Real IP plugin.
- Magento 1 and 2: You must add the following section to your local.xml, inside the <global> tag, to correctly interpret the True-Client-IP or X-Forwarded-For headers:
<remote_addr_headers>
    <!-- list headers that contain real client IP if webserver is behind a reverse proxy -->
    <header1>HTTP_TRUE_CLIENT_IP</header1>
    <header2>HTTP_X_FORWARDED_FOR</header2>
</remote_addr_headers>
- PHP: If your website or application is written in PHP, the real IP address of users can be retrieved using the server variable $_SERVER['HTTP_X_FORWARDED_FOR'].
IP blocking via .htaccess
If you currently restrict access to a folder on your site by IP address, simply change the following:
Order Deny,Allow
Deny from all
Allow from 172.135.135.234
Allow from 172.135.135.235
to:
Order Deny,Allow
Deny from all
SetEnvIf X-Forwarded-For "^172\.135\.135\.234" AllowAccess_1
SetEnvIf X-Forwarded-For "^172\.135\.135\.235" AllowAccess_2
Allow from env=AllowAccess_1
Allow from env=AllowAccess_2
Scenarios using IP addresses
Here are some scenarios for which you need to use the IP address of users on your servers:
- Serve different content based on the location of users, determined by the IP address.
- Check if user session requests come from the same machine. This practice is common for websites such as forums and couriers.
- Prevent abuse by blocking requests when too many come from the same IP address.
- Detect fraud.
- Analyze user behaviors.
- ...
If your website is affected by any of the above situations, we strongly recommend that you configure your origin server to use the X-Forwarded-For or True-Client-IP header.
Even if your server does not currently use the IP address of users, the situation may change in the future. For this reason, we recommend that you make these changes in all cases. You incur no risk by making these changes, even if you do not use the IP address of users today.