Tag: cloudflare

  • Cloudflare Restore Real IP Address in Cpanel Server

    When using Cloudflare, website visitors connect to a Cloudflare CDN server configured as a reverse proxy. The Cloudflare CDN server fetches pages from your web server and caches them for a while, serving them to subsequent visitors. Your web application may report the Cloudflare CDN server IP as the visitor IP, as all requests to your website come from the Cloudflare CDN. This can be a problem when you have an e-commerce website where you need to check visitor IPs to detect fraudulent signups/orders.

    To restore the original visitor IP on a cPanel server running the Apache web server, you can use mod_remoteip. You can install mod_remoteip in WHM > EasyApache 4 > Apache Modules.

    You can also install mod_remoteip from the command line

    dnf install ea-apache24-mod_remoteip
    

    Log in via SSH as user root, or open WHM > Terminal, then edit the file

    vi /etc/apache2/conf.modules.d/370_mod_remoteip.conf 
    

    At the end of the file, add

    RemoteIPHeader CF-Connecting-IP
    RemoteIPTrustedProxy 173.245.48.0/20
    RemoteIPTrustedProxy 103.21.244.0/22
    RemoteIPTrustedProxy 103.22.200.0/22
    RemoteIPTrustedProxy 103.31.4.0/22
    RemoteIPTrustedProxy 141.101.64.0/18
    RemoteIPTrustedProxy 108.162.192.0/18
    RemoteIPTrustedProxy 190.93.240.0/20
    RemoteIPTrustedProxy 188.114.96.0/20
    RemoteIPTrustedProxy 197.234.240.0/22
    RemoteIPTrustedProxy 198.41.128.0/17
    RemoteIPTrustedProxy 162.158.0.0/15
    RemoteIPTrustedProxy 104.16.0.0/12
    RemoteIPTrustedProxy 172.64.0.0/13
    RemoteIPTrustedProxy 131.0.72.0/22
    RemoteIPTrustedProxy 2400:cb00::/32
    RemoteIPTrustedProxy 2606:4700::/32
    RemoteIPTrustedProxy 2803:f800::/32
    RemoteIPTrustedProxy 2405:b500::/32
    RemoteIPTrustedProxy 2405:8100::/32
    RemoteIPTrustedProxy 2a06:98c0::/29
    RemoteIPTrustedProxy 2c0f:f248::/32
    

    You can find the Cloudflare IP addresses at

    https://www.cloudflare.com/ips/

    Restart Apache

    systemctl restart httpd
    

  • How to block bad bots User-Agents in Cloudflare

    Cloudflare provides a way to block bad bots under

    Domain > Security > Bots.

    If you want to block a bot that is allowed, you can block it by User-Agent. To see which bots visit your website, see How to get list of User-Agent from access log. This will get a list of all bots accessing your website from the Apache, Nginx or similar web server access log.

    You can block visitors by User-Agent by going to

    Cloudflare > Domain > Security > WAF

    Click on “Create firewall rule”.

    On the next page, select the following values

    Field = User Agent
    Operator = contains
    Value = Enter the user agent you need to block

    On this page, you can also add rules by clicking on the “Edit expression” link, and then pasting the rule. I used the following rule to block marketing/SEO bots.

    (http.user_agent contains "semrush") or (http.user_agent contains "ahrefs") or (http.user_agent contains "BLEXBot") or (http.user_agent contains "mj12bot") or (http.user_agent contains "opensiteexplorer") or (http.user_agent contains "megaindex") or (http.user_agent contains "dataforseo") or (http.user_agent contains "petalsearch") or (http.user_agent contains "Barkrowler") or (http.user_agent contains "Go-http-client") or (http.user_agent contains "Mechanize") or (http.user_agent contains "woorank") or (http.user_agent contains "spyfu") or (http.user_agent contains "majestic")

    NOTE: Don’t use this rule without knowing what it does; you may not want to block all of these bots. Do your own research on what each bot does before blocking it from your website.

  • Allow CloudFlare IP addresses with ipset

    IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, an IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them in a way that ensures lightning speed when matching an entry against a set.

    To allow all Cloudflare IP addresses, you can use

    apt install ipset
    ipset create cf4 hash:net
    for x in $(curl https://www.cloudflare.com/ips-v4); do ipset add cf4 $x; done
    iptables -A INPUT -m set --match-set cf4 src -p tcp -m multiport --dports http,https -j ACCEPT
    
  • Apache Show Real IP Address when using CloudFlare

    When using the Apache web server behind Cloudflare, Apache logs show the Cloudflare IP address instead of the real visitor IP address. To show the actual visitor IP address, you need to install the mod_cloudflare Apache module.

    Before you can install the module, you need to install the following requirements.

    On Debian/Ubuntu server,

    apt-get install apache2-dev libtool git
    

    Now install mod_cloudflare with

    cd /usr/local/src
    git clone https://github.com/cloudflare/mod_cloudflare.git; cd mod_cloudflare
    apxs -a -i -c mod_cloudflare.c
    

    Restart apache web server with

    service apache2 restart
    

    Verify mod_cloudflare apache module is loaded with

    apachectl -M | grep cloudflare
    

  • Nginx CloudFlare restore real ip

    When using Nginx behind Cloudflare, logs and web applications show the Cloudflare server IP instead of the visitor IP.

    To fix this, edit

    vi /etc/nginx/nginx.conf

    Inside the “http” section, add

    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;
    
    real_ip_header CF-Connecting-IP;

    You can get the updated list of CloudFlare IPs from

    https://www.cloudflare.com/ips

    Restart Nginx with

    service nginx restart

    Example Nginx Config

    https://gist.github.com/serverok/fef5c76bf96f8e016bf64095da4a64dc
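
    The Apache, ipset and Nginx snippets on this page all depend on the same list of Cloudflare ranges. As an added example (not from the original posts), this POSIX shell function builds each of those snippets from a downloaded list and rejects the whole list if any line is not a CIDR range. The names cf_emit, is_cidr4, is_cidr6 and CF_SAMPLE are made up for the example, and the sample ranges are copied from the lists above.

```shell
#!/bin/sh
# Added example, not from the original posts. Reads proxy ranges (one CIDR per
# line, e.g. a saved copy of https://www.cloudflare.com/ips-v4) and emits the
# Apache, Nginx or ipset lines used on this page. Any bad entry rejects the list.
NL='
'
OCT='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
RE4="^($OCT\\.){3}$OCT/([0-9]|[12][0-9]|3[0-2])\$"
# IPv6 is a shape check only: hex groups, colons, prefix length 0-128.
RE6='^[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{0,4}){1,7}/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'

is_cidr4() { printf '%s\n' "$1" | grep -Eq "$RE4"; }
is_cidr6() { printf '%s\n' "$1" | grep -Eq "$RE6"; }

# cf_emit FORMAT < list   (FORMAT: apache | nginx | ipset; hypothetical helper)
cf_emit() {
    fmt=$1; out=; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if is_cidr4 "$line"; then fam=4
        elif is_cidr6 "$line"; then fam=6
        else printf 'rejected list, bad entry: %s\n' "$line" >&2; return 1
        fi
        case $fmt in
            apache) out="${out}RemoteIPTrustedProxy $line$NL" ;;
            nginx)  out="${out}set_real_ip_from $line;$NL" ;;
            # cf4 is the IPv4 set created on this page, so IPv6 ranges are skipped
            ipset)  if [ "$fam" = 4 ]; then out="${out}add cf4 $line$NL"; fi ;;
            *) printf 'unknown format: %s\n' "$fmt" >&2; return 2 ;;
        esac
        n=$((n + 1))
    done
    # An empty download must not produce an empty trust list.
    [ "$n" -gt 0 ] || { echo 'rejected list: no ranges' >&2; return 1; }
    case $fmt in
        apache) printf 'RemoteIPHeader CF-Connecting-IP\n%s' "$out" ;;
        nginx)  printf '%sreal_ip_header CF-Connecting-IP;\n' "$out" ;;
        ipset)  printf '%s' "$out" ;;
    esac
}

# Constructed sample input: three ranges copied from the lists on this page.
CF_SAMPLE='173.245.48.0/20
103.21.244.0/22
2400:cb00::/32'
printf '%s\n' "$CF_SAMPLE" | cf_emit nginx
# On a live host (network and root needed), for the cf4 set created above:
#   curl -fsS https://www.cloudflare.com/ips-v4 | cf_emit ipset | ipset -exist restore
```

    Because nothing is printed unless every line validates, an HTML error page or an empty response from the download never reaches the web server config or the firewall set.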

  • CloudFlare Page Rules for WordPress

    Here are CloudFlare page rules for a WordPress website.

    yourdomain/xmlrpc.php*

    Security Level = High
    

    yourdomain/wp-login.php*

    Security Level = High
    Browser Integrity Check = On
    

    yourdomain/wp-admin/*

    Security Level = High
    Cache Level = Bypass
    Disable Apps
    Disable Performance
    

    yourdomain/wp-content/uploads/*

    Browser Cache TTL = a day
    Cache Level = Cache Everything
    Edge Cache TTL = a month