Getting the Real IP of a Client
When utilizing a HTTP reverse proxy connections will be made from the filtered IP address to your backend web server. Without modification to the backend web server or software the IP address of connecting users may be hidden, instead appearing as if connected as the Filtered IP. To combat this we provide a HTTP header containing the connecting clients IP address and instructions on how to utilize either a web server module or to modify software to users correct IP address (Real IP).
This tutorial is only applicable to the "HTTP" port type. For TCP & UDP Services GRE/IPIP tunnels or on Windows a VPN based method is possible.
How it Works:
To provide this functionality a HTTP header (Layer 7) is added to requests sent to your backend web server containing the clients real IP address. This Real IP address header (X-Real-IP), received from a trusted server (your proxy IP) is then utilized by the web server in place of the Layer 3 IP address.
Where the customer is connecting from 22.214.171.124 a request (with this header) could look like:
GET /page HTTP/1.1 Host: www.example.com X-Real-IP: 126.96.36.199 [...]
Installation as Server Module
Installation as a server module should be preferred. This method allows for the client IP address to be transparent to the application (not requiring any modification or compatibility) as well as for it to be used in Layer 7 access logs, rate-limits and ACLs.
Guides by Operating System and Web Server software:
Installation on IIS differs depending on server version. For setup of the newest version of IIS see the following Microsoft Resource
Installation as a software modification
If it is not possible to install a server module in your environment then a software level modification is possible. This is a common restriction in shared hosting environments.
Guides by Web Programming Language: