IIS 7 and Above
Real IP for mod_security
Last post Jan 04, 2019 10:03 AM by DevPreSupport_MSFT
Jan 02, 2019 05:36 PM|alexandros_k|LINK
Our website is behind proxy (CloudFlare)
I have used ReWrite to replace both REMOTE_HOST and REMOTE_ADDR with the real IP.
On PHP level is works. When printing those headers i get the real IP.
The problem is that mod_security does not. In the logs it still uses the proxy IP address (refered as "client").
On the IIS ordered module list, mod_security is very last.
Any ideas why this happens?
Jan 04, 2019 10:03 AM|DevPreSupport_MSFT|LINK
If you used the proxy, you may need configure a proxy server that is open and transparent adds a X-Forwarded-For record to the HTTP header.
X-Forwarded-For: user IP
Generally , we can use this format in the request process on IIS for the proxy server:
X-Forwarded-For: user's IP address, Proxy 1-IP address, Proxy 2-IP address, Proxy 3-IP address