Real IP

Getting the Real IP of a Client

When utilizing a HTTP reverse proxy connections will be made from the filtered IP address to your backend web server. Without modification to the backend web server or software the IP address of connecting users may be hidden, instead appearing as if connected as the Filtered IP. To combat this we provide a HTTP header containing the connecting clients IP address and instructions on how to utilize either a web server module or to modify software to users correct IP address (Real IP).

This tutorial is only applicable to the "HTTP" port type. For TCP & UDP Services GRE/IPIP tunnels or on Windows a VPN based method is possible.

How it Works:

To provide this functionality a HTTP header (Layer 7) is added to requests sent to your backend web server containing the clients real IP address. This Real IP address header (X-Real-IP), received from a trusted server (your proxy IP) is then utilized by the web server in place of the Layer 3 IP address.

Where the customer is connecting from 123.123.123.123 a request (with this header) could look like:

GET /page HTTP/1.1
Host: www.example.com
X-Real-IP: 123.123.123.123
[...]

Installation as Server Module

Installation as a server module should be preferred. This method allows for the client IP address to be transparent to the application (not requiring any modification or compatibility) as well as for it to be used in Layer 7 access logs, rate-limits and ACLs.

Guides by Operating System and Web Server software:

Installation as a software modification

If it is not possible to install a server module in your environment then a software level modification is possible. This is a common restriction in shared hosting environments.

Guides by Web Programming Language: