Hello, I switched a domain name behind Sucuri CloudProxy there shortly. I managed to get the geolocation of IP visitors in Wordpress, no problem on that side. I cons by a problem for the site logs recorded by ispconfig: # cat /var/log/ispconfig/httpd/my_domain.com/access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20 1402 185.93.228.2 273 185.93.230.2 27 185.93.229.2 25 192.88.135.2 etc. I only logs the IP proxy .. I tried to install apache2 Module remoteip: # a2enmod remoteip And I configured: <ifModule mod_remoteip.c> RemoteIPHeader HTTP_X_SUCURI_CLIENTIP RemoteIPHeader HTTP_X_FORWARDED_FOR RemoteIPHeader HTTP_X_REAL_IP </ifModule> I also try the classic: RemoteIPHeader X-Forwarded-For Nothing to do, it is always the IP of the proxy are recorded. I tried to change the configuration of ispconfig in /etc/apache2/sites-available/ispconfig.conf I change LogFormat "%v %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig by LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig No changes. I also try with the logging in apache.conf conf. I'm stuck, I can not do it... For information the headers contain the good informations: $_SERVER['HTTP_X_SUCURI_CLIENTIP'] 142.68.128.163 $_SERVER['HTTP_X_REAL_IP'] 142.68.128.163 $_SERVER['HTTP_X_FORWARDED_PROTO'] https $_SERVER['HTTP_X_FORWARDED_FOR'] 142.68.128.163 If someone has an idea how to log the ip client logs of ISPConfig it would be very cool! Edit: Debian Jessie UptoDate / Ispconfig 3.1.1 / Apache2 2.4.10-10+deb8u7 I Posted in the wrong Forum... https://www.howtoforge.com/community/threads/sucuri-cloudproxy-and-logging.74589/
I get it: In /etc/apache2/sites-available/ispconfig.conf LogFormat "%v %{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig But: # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. # Use mod_remoteip instead. https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html It is critical to only enable this behavior from intermediate hosts (proxies, etc) which are trusted by this server, since it is trivial for the remote useragent to impersonate another useragent. So... I'm still stuck!