Question

All traffic from Frankfurt in Apache logs on Wordpress Droplet using Cloudflare

I have a Droplet, created using the marketplace wordpress image, using Cloudflare DNS, and my issue is that all traffic looks like it’s coming from Frankfurt, which is the datacenter where the droplet is hosted. This is what I have in apache access log. How can I fix this?

162.158.88.37 - - [27/Nov/2020:10:29:39 +0000] "GET /shop/ HTTP/1.1" 200 24005 "/prodotto/spro2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.89.180 - - [27/Nov/2020:10:29:41 +0000] "GET /wp-content/uploads/2018/04/piastra_mouse-1-100x100.jpg HTTP/1.1" 304 3963 "/shop/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.90.59 - - [27/Nov/2020:10:29:41 +0000] "GET /wp-content/uploads/2019/02/1-100x100.jpg HTTP/1.1" 304 3963 "/shop/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:29:44 +0000] "GET /categoria-prodotto/postazioni/ HTTP/1.1" 200 28585 "/shop/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.93.248 - - [27/Nov/2020:10:29:54 +0000] "GET /wishlist/ HTTP/1.1" 200 22508 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
162.158.88.37 - - [27/Nov/2020:10:29:54 +0000] "GET /prodotto/src-sport/ HTTP/1.1" 200 38840 "/categoria-prodotto/postazioni/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:29:56 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 6102 "/prodotto/src-sport/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:29:56 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2341 "/prodotto/src-sport/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.91.240 - - [27/Nov/2020:10:29:59 +0000] "POST /?wc-ajax=get_refreshed_fragments HTTP/1.1" 200 4656 "/wishlist/" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.140 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
162.158.94.227 - - [27/Nov/2020:10:30:03 +0000] "GET /categoria-prodotto/accessories-en/?lang=en&add-to-cart=3873&add_to_wishlist=2894 HTTP/1.1" 302 4173 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
162.158.91.112 - - [27/Nov/2020:10:30:07 +0000] "GET /area-clienti/pagamenti/cassa/ HTTP/1.1" 200 21315 "-" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://aspiegel.com/petalbot)"
162.158.88.37 - - [27/Nov/2020:10:30:10 +0000] "GET /categoria-prodotto/postazioni/ HTTP/1.1" 200 28585 "/prodotto/src-sport/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:30:13 +0000] "GET /prodotto/s1p/ HTTP/1.1" 200 34787 "/categoria-prodotto/postazioni/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:30:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 6102 "/prodotto/s1p/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:30:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 6102 "/prodotto/s1p/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:30:16 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2349 "/prodotto/s1p/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
November 29, 2020
Accepted Answer

Hi there @nicolapeluchetti,

What you would need to do in this case is to use mod_remoteip so that you could retrieve the real IP address of your visitors rather than the Cloudflare proxy IPs.

  • First enable the module:
  1. sudo a2enmod remoteip
  • Then update your virtual host and include RemoteIPHeader CF-Connecting-IP:
sudo nano /etc/apache2/sites-available/000-default.conf

Note: In case that you have multiple Vhosts change the 000-default.conf with your site-specific config file

  • Then under your server name add the following:
  1. RemoteIPHeader CF-Connecting-IP

Your Vhost would look something like this:

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName domain.com
RemoteIPHeader CF-Connecting-IP
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
  • Then update the Apache config to adjust the logging format:
sudo nano /etc/apache2/apache2.conf
  • Find the LogFormat line and change it to:
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
sudo nano /etc/apache2/conf-available/remoteip.conf

And add the following:

RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32
  • Finally run a config test:
  1. sudo apachectl -t
  • And then restart Apache:
  1. sudo systemctl restart apache2

Here is a link to Cloudflare the documentation on the same topic:

https://support.cloudflare.com/hc/en-us/articles/360029696071

Regards, Bobby

@bobbyiliev thanks a lot, I hadn’t found that on cloudflare. The only difference is that I had to modify the “sites-enabled” folder files instead of the “sites-available”, but everything else worked perfectly!

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel