69 lines
2.5 KiB
Plaintext
69 lines
2.5 KiB
Plaintext
Mengingat Cloudflare bertindak sebagai reverse proxy dari situs, maka peladen web //server// asal secara default akan me-//log// alamat IP cloudflare bukan alamat asli pengunjung situs.
|
|
|
|
= Apache
|
|
== Enable mod_remoteip by issuing the following command:
|
|
```
|
|
sudo a2enmod remoteip
|
|
```
|
|
|
|
== Tambahkan RemoteIPHeader CF-Connecting-IP
|
|
```
|
|
...
|
|
RemoteIPHeader CF-Connecting-IP
|
|
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
...
|
|
```
|
|
|
|
== Tambahkan //trusted proxy//
|
|
Setelah itu tambahkan alamat IP Cloudflare ke daftar proksi tepercaya (//trusted proxy//) di `/etc/apache2/conf-available/remoteip.conf`.
|
|
|
|
```
|
|
RemoteIPHeader CF-Connecting-IP
|
|
RemoteIPTrustedProxy 192.0.2.1 103.21.244.0/22
|
|
RemoteIPTrustedProxy 192.0.2.2 103.22.200.0/22
|
|
RemoteIPTrustedProxy 192.0.2.3 103.31.4.0/22
|
|
RemoteIPTrustedProxy 192.0.2.4 104.16.0.0/13
|
|
RemoteIPTrustedProxy 192.0.2.5 104.24.0.0/14
|
|
RemoteIPTrustedProxy 192.0.2.6 108.162.192.0/18
|
|
RemoteIPTrustedProxy 192.0.2.7 131.0.72.0/22
|
|
RemoteIPTrustedProxy 192.0.2.8 141.101.64.0/18
|
|
RemoteIPTrustedProxy 192.0.2.9 162.158.0.0/15
|
|
RemoteIPTrustedProxy 192.0.2.10 172.64.0.0/13
|
|
RemoteIPTrustedProxy 192.0.2.11 173.245.48.0/20
|
|
RemoteIPTrustedProxy 192.0.2.12 188.114.96.0/20
|
|
RemoteIPTrustedProxy 192.0.2.13 190.93.240.0/20
|
|
RemoteIPTrustedProxy 192.0.2.14 197.234.240.0/22
|
|
RemoteIPTrustedProxy 192.0.2.15 198.41.128.0/17
|
|
RemoteIPTrustedProxy 192.0.2.16 2400:cb00::/32
|
|
RemoteIPTrustedProxy 192.0.2.17 2606:4700::/32
|
|
RemoteIPTrustedProxy 192.0.2.18 2803:f800::/32
|
|
RemoteIPTrustedProxy 192.0.2.19 2405:b500::/32
|
|
RemoteIPTrustedProxy 192.0.2.20 2405:8100::/32
|
|
RemoteIPTrustedProxy 192.0.2.21 2a06:98c0::/29
|
|
RemoteIPTrustedProxy 192.0.2.22 2c0f:f248::/32
|
|
```
|
|
|
|
= Caddy
|
|
Di direktori `/etc/caddy/Caddyfile.d/` buat `10-trusted_proxy.caddyfile`. Masukkan semua alamat IP Cloudflare ke `trusted_proxies``.
|
|
```
|
|
{
|
|
servers {
|
|
# all traffic come from cloudflare cdn
|
|
trusted_proxies cloudlfare [cloudflare-ip-address]
|
|
}
|
|
}
|
|
```
|
|
|
|
Kemudian tambahkan `X-Forwarded-For` dan `CF-Connecting IP` ke konfigurasi situs.
|
|
```
|
|
yoursite.com {
|
|
# forward request to golang backend
|
|
reverse_proxy [::]:8080
|
|
encode gzip
|
|
client_ip_headers X-Forwarded-For Cf-Connecting-IP
|
|
}
|
|
```
|
|
= Referensi
|
|
[[https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/ | Restoring original visitor IPs]] di Cloudflare Docs. |