How to Get Client IP from AWS, Google Cloud LB & Cloud Flare in Nginx?

Netsparker Web Application Security Scanner - the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

By Chandan Kumar on May 6, 2018

Posted in

Setting up a web application in the cloud is always fun and exciting. Recently, I launched Site Toolbox tool which is hosted in AWS behind Cloud Flare.

I am using AWS application load balancer and Nginx as a web server. After making live, I went to see the access.log and noticed all requests were marked as coming from internal (load balancer) IP.

This is something not good if you want to analyze your web server logs for visitor location. I realized that I am missing or need to do some configuration changes to restore the client IP.

Are you in the same situation as I was?

Well, here is how you can get the client IP in your Nginx access logs.

Getting Visitor IP from AWS or Google Cloud LB

Login to your Nginx web server
Go to path where it’s installed (default location /etc/nginx)
Take a backup of nginx.conf file
Add the following under http block

real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;

Restart the Nginx and you should see the visitor’s IP in your access.log file

If you are behind Cloud Flare then you will see Cloud Flare IP instead of client’s IP so you got to do the below as well.

Getting Client IP from Cloud Flare

Cloud Flare is great CDN and Security provider and I absolutely love it. If you are using Cloud Flare like me and would like to restore the visitor IP in web server log then here is how you can do it.

Assuming you are logged into Nginx server

Take a backup of your site configuration file (usually here – /etc/nginx/sites-available/yourdomain)

Add the following at the beginning of the file

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;

Restart Nginx and you should see the client IP now. This has helped me and I hope you too. Let me know how it goes.

TAGS:

Power Your Business

Netsparker

Netsparker uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities with proof of exploit, thus making it possible to scan thousands of web applications and generate actionable results within just hours.

Try Netsparker

Kinsta

Probably the best managed WordPress cloud platform to host small to enterprise sites. Kinsta leverages Google's low latency network infrastructure to deliver content faster. Free SSL, CDN, backup and a lot more with outstanding support. You'll love it.

Try Kinsta

Intruder

A powerful cloud-based vulnerability scanner that finds security flaws in your digital estate, explains the risks & helps with their remediation. Intruder saves you time by reducing complexity & automatically scanning you for the latest vulnerabilities as soon as they emerge, helping to achieve peace of mind.

Try Intruder

How to Get Client IP from AWS, Google Cloud LB & Cloud Flare in Nginx?

Getting Visitor IP from AWS or Google Cloud LB

Getting Client IP from Cloud Flare

Website Speed Test

Geekflare Audit tool let you quickly find out how does
your site perform against best practices, performance and SEO.

Power Your Business

Choosing the right product and service is essential to run an online business. Here are some of the tools and services to help your business grow.

Netsparker

Kinsta

Intruder

Stay up to date

follow Geekflare on LinkedIn

How to Get Client IP from AWS, Google Cloud LB & Cloud Flare in Nginx?

Getting Visitor IP from AWS or Google Cloud LB

Getting Client IP from Cloud Flare

More Great Reading on Geekflare

7 Best Practices to Secure AWS S3 Storage

5 Lesser Known Amazing AWS Offerings

Summary of The Big Cloud Debate held in Sydney

How to Load Balance Site between GCP and AWS using Cloudflare?

How to Perform AWS Security Scanning and Configuration Monitoring?

15 Cloud Computing Online Courses to Supercharge Your Career

Website Speed Test

Geekflare Audit tool let you quickly find out how does your site perform against best practices, performance and SEO.

Power Your Business

Choosing the right product and service is essential to run an online business. Here are some of the tools and services to help your business grow.

Netsparker

Kinsta

Intruder

Stay up to date

follow Geekflare on LinkedIn

Geekflare Audit tool let you quickly find out how does
your site perform against best practices, performance and SEO.