Configure apache to log the real client IP instead of cloudflare IP in http access logs (WordPress)

If you are running a WordPress site and you have cloudflare setup, you may have noticed that the http access logs log the IP of cloudflare instead of the actual client IP. This is a guide to enable logging of the real client IP instead of the cloudflare IP in the apache2 logs. This was tested on a Ubuntu 20.04 machine + apache2 and traffic is proxied from cloudflare.

Install Prerequisites:

sudo apt-get install apache2-dev libtool git

Git clone the mod_clouflare repo from cloulflare:

cd ~/
git clone
cd mod_cloudflare

Use the Apache extension tool to convert the .c file into a module:

apxs -a -i -c mod_cloudflare.c

Restart Apache:

sudo apachectl restart

Verify that the module is active:

apache2ctl -M|grep cloudflare

The output should show “cloudflare_module (shared)

Now your apache logs should show the real client IP instead of the cloudflare IPs.

tail -f /var/log/apache2/access.log

-Below is screenshot of access log that shows the real client IP(right click and open image in new lab for high res image):

access.log screenshot


Noirth Security

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.