Getting the Real IP of a Client

When utilizing a HTTP reverse proxy connections will be made from the filtered IP address to your backend web server. Without modification to the backend web server or software the IP address of connecting users may be hidden, instead appearing as if connected as the Filtered IP. To combat this we provide a HTTP header containing the connecting clients IP address and instructions on how to utilize either a web server module or to modify software to users correct IP address (Real IP).

This tutorial is only applicable to the HTTP(s) port types. For TCP & UDP Services use GRE/IP-in-IP tunnels (on Windows and Linux).

How it Works

To provide this functionality a HTTP header (Layer 7) is added to requests sent to your backend web server containing the clients real IP address. This Real IP address header (defaulting to X-Real-IP), received from a trusted server (your proxy IP) is then utilized by the web server in place of the Layer 3 IP address.

Where the customer is connecting from 123.123.123.123 a request (with this header) could look like:

GET /page HTTP/1.1
Host: www.example.com
X-Real-IP: 123.123.123.123
[...]

Changing the header

While we recommend the default header name (X-Real-IP) due to it having a low chance of conflict the header name can be changed at the port level in your dashboard. To change the default see the "Backend Real IP header" setting on the HTTP Options page.

Installation as Server Module

Installation as a server module should be preferred. This method allows for the client IP address to be transparent to the application (not requiring any modification or compatibility) as well as for it to be used in Layer 7 access logs, rate-limits and ACLs.

Guides by Operating System and Web Server software:

Installation as a software modification

If it is not possible to install a server module in your environment then a software level modification is possible. This is a common restriction in shared hosting environments.

Guides by Web Programming Language: