If you are running a WordPress site and you have cloudflare setup, you may have noticed that the http access logs log the IP of cloudflare instead of the actual client IP. This is a guide to enable logging of the real client IP instead of the cloudflare IP in the apache2 logs. This was tested on a Ubuntu 20.04 machine + apache2 and traffic is proxied from cloudflare.
– Install Prerequisites:
sudo apt-get install apache2-dev libtool git
Git clone the mod_clouflare repo from cloulflare:
cd ~/
git clone https://github.com/cloudflare/mod_cloudflare.git
cd mod_cloudflare
Use the Apache extension tool to convert the .c file into a module:
apxs -a -i -c mod_cloudflare.c
Restart Apache:
sudo apachectl restart
Verify that the module is active:
apache2ctl -M|grep cloudflare
The output should show “cloudflare_module (shared)“
Now your apache logs should show the real client IP instead of the cloudflare IPs.
tail -f /var/log/apache2/access.log
-Below is screenshot of access log that shows the real client IP(right click and open image in new lab for high res image):
Sources/Credits/References: