Fix Nginx Logging CDN IP Instead of Real IP

0, problem description

After using CDN, all Nginx logs are CDN IP.

Although Pagoda Firewall can intercept malicious requests and block real IPs, some scanners have not been identified. You can see in the logs that if the real IPs cannot be found, the IPs of these scanners cannot be blocked.

1. Solution

The solution is to customize the log format.

Edit the Nginx configuration file, if you use Pagoda, it is generally:

/www/server/nginx/conf/nginx.conf

Or modify it directly in the software-Nginx-configuration file.

Add the following to the end of the http field (before the server field):

1
2
3
4
5
6
7
8
9
10
11

http {
     ...
     # Do not modify the original content
     log_format reallog '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" ';
     # Add this paragraph
}

server {
     ...
     # Do not modify the original content
}

Then in the Nginx configuration file of the website with CDN enabled, modify:

Comment first then view it after your comment is approved. Join QQ Group to display all hidden texts.