Fix Nginx Logging CDN IP Instead of Real IP

0. Problem description

After putting a site behind a CDN, every IP in the Nginx logs is a CDN IP.

Although the Pagoda firewall can intercept malicious requests and block the real IPs, some scanners are not identified. They are visible in the logs, but if the real IPs cannot be found there, the IPs of these scanners cannot be blocked.

1. Solution

The solution is to customize the log format.

Edit the Nginx configuration file. If you use Pagoda, it is generally:

/www/server/nginx/conf/nginx.conf

Or modify it directly in the panel under Software > Nginx > Configuration file.

Add the following to the end of the http block (before the server block):

http {
     ...
     # Existing content above: do not modify

     # Add this line: it logs the X-Forwarded-For header as the first field
     log_format reallog '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" ';

     server {
          ...
          # Existing content: do not modify
     }
}

Then in the Nginx configuration file of the website with CDN enabled, modify:


Replace it with the correct path and save it.
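
The reallog format above records whatever arrives in the X-Forwarded-For header, which is client-supplied and may hold a comma-separated chain, so the field should be validated before it feeds a block list. The following is an added example, not code from the original post: it parses reallog lines and counts 403/404 responses per client, assuming a single CDN hop that appends the address it saw (so the rightmost entry is the CDN-written one); `client_ip`, `top_clients`, the status filter and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the page's "reallog" format; the first field is the raw X-Forwarded-For value.
LINE_RE = re.compile(
    r'^(?P<xff>.*?) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*?)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>.*?)" "(?P<agent>.*?)"\s*$'
)

def client_ip(xff, trusted_hops=1):
    """Return the address written by the CDN, or None if the field is unusable.

    Assumption: each trusted proxy appends the peer it saw, so with one CDN hop
    the rightmost entry is CDN-written and anything left of it is client-supplied.
    """
    parts = [p.strip() for p in xff.split(",") if p.strip()]
    if len(parts) < trusted_hops:
        return None  # empty field, or a chain shorter than the trusted hop count
    try:
        return str(ipaddress.ip_address(parts[-trusted_hops]))
    except ValueError:
        return None  # "-" (header absent) or spoofed garbage

def top_clients(lines, statuses=("403", "404"), trusted_hops=1):
    """Count responses in `statuses` per client IP; also count unusable lines."""
    hits, skipped = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        ip = client_ip(m["xff"], trusted_hops) if m else None
        if ip is None:
            skipped += 1
        elif m["status"] in statuses:
            hits[ip] += 1
    return hits, skipped

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [22/Jun/2023:10:00:01 +0800] "GET /wp-login.php HTTP/1.1" 404 146 "-" "scanner/1.0" ',
    '10.0.0.1, 198.51.100.7 - - [22/Jun/2023:10:00:02 +0800] "GET /.env HTTP/1.1" 404 146 "-" "scanner/1.0" ',
    '203.0.113.20 - - [22/Jun/2023:10:00:03 +0800] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" ',
    '- - - [22/Jun/2023:10:00:04 +0800] "GET /admin HTTP/1.1" 404 146 "-" "curl/8.0" ',
    'not-an-ip - - [22/Jun/2023:10:00:05 +0800] "GET /admin HTTP/1.1" 404 146 "-" "curl/8.0" ',
]

if __name__ == "__main__":
    hits, skipped = top_clients(SAMPLE)
    print(hits.most_common(), "unusable lines:", skipped)
```

Lines counted as unusable are requests that carried no valid forwarded address, which usually means they did not come through the CDN.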


https://blog.tsinbei.com/en/archives/746/

Author: Hsukqi Lee
Posted on: 2023-06-22
Edited on: 2023-06-22
Licensed under: CC BY-NC-ND 4.0
