PRICING SUPPORT LOGIN
  1. WordPress
  2. PHP
  3. Magento
  4. IP Board
  5. vBulletin
  6. PrestaShop
  7. WHMCS
  8. Apache
  9. Nginx
  10. IIS
  11. LiteSpeed

If your system is showing the same IP address for all clients connected to your site that's because Firewall is a passthrough WAF. It will be in the middle of the communication between the clients and the hosting server to be able to filter the malicious requests. Because of that, the headers are modified and the source IP will be shown as the Firewall IP.

You can read more details about this here.

In case your application needs the real user IP, there are some options to make it work:

WordPress

Simply install and activate the official Sucuri Plugin.

PHP

Add the following code to your application (the config.php or configuration.php is usually a good location):

if(isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']))
{
    $_SERVER["REMOTE_ADDR"] = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];
}

Magento

Place the following code inside of the /app/etc/local.xml file:

<remote_addr_headers><!-- list headers that contain real client IP if webserver is behind a reverse proxy -->
    <header1>HTTP_X_SUCURI_CLIENTIP</header1>
</remote_addr_headers>

IP Board

Settings: Security and Privacy -> "Enable X_FORWARDED_FOR IP matching" set to 'yes'.

vBulletin 4.2+

If you are using vBulletin 4.2 or newer they have added in a feature to allow for use behind a proxy like Firewall. Look inside of your /includes/config.php file for the following code:

/* #### Reverse Proxy IP #### 
If your use a system where the main IP address passed to vBulletin is the address of a proxy server 
and the actual 'real' ip address is passed in another http header then you enter the details here */

/* Enter your known [trusted] proxy servers here. You can list multiple trusted IPs separated by a comma.*/
//$config['Misc']['proxyiplist'] = '127.0.0.1, 192.168.1.6';

/* If the real IP is passed in a http header variable other than HTTP_X_FORWARDED_FOR, then you can set the name here; */
//$config['Misc']['proxyipheader'] = 'HTTP_X_FORWARDED_FOR';

And modify it to the following to work with our firewall:

/* #### Reverse Proxy IP #### 
If your use a system where the main IP address passed to vBulletin is the address of a proxy server 
and the actual 'real' ip address is passed in another http header then you enter the details here */

/* Enter your known [trusted] proxy servers here. You can list multiple trusted IPs separated by a comma.*/
$config['Misc']['proxyiplist'] = '192.88.134.2, 192.88.134.3, 192.88.134.4, 192.88.134.5, 192.88.134.6, 192.88.134.7, 192.88.134.8, 192.88.134.9, 192.88.134.10, 192.88.134.11, 192.88.134.12, 192.88.134.13, 192.88.134.14, 192.88.134.15, 192.88.134.16, 192.88.134.17, 192.88.134.18, 192.88.134.19, 192.88.134.20, 192.88.134.21, 192.88.135.2, 192.88.135.3, 192.88.135.4, 192.88.135.5, 192.88.135.6, 192.88.135.7, 192.88.135.8, 192.88.135.9, 192.88.135.10, 192.88.135.11, 192.88.135.12, 192.88.135.13, 192.88.135.14, 192.88.135.15, 192.88.135.16, 192.88.135.17, 192.88.135.18, 192.88.135.19, 192.88.135.20, 192.88.135.21, 185.93.228.2, 185.93.228.3, 185.93.228.4, 185.93.228.5, 185.93.228.6, 185.93.228.7, 185.93.228.8, 185.93.228.9, 185.93.228.10, 185.93.228.11, 185.93.228.12, 185.93.228.13, 185.93.228.14, 185.93.228.15, 185.93.228.16,, 185.93.228.17, 185.93.228.18, 185.93.228.19, 185.93.228.20, 185.93.228.21, 185.93.229.2, 185.93.229.3, 185.93.229.4, 185.93.229.5, 185.93.229.6, 185.93.229.7, 185.93.229.8, 185.93.229.9, 185.93.229.10, 185.93.229.11, 185.93.229.12, 185.93.229.13, 185.93.229.14, 185.93.229.15, 185.93.229.16, 185.93.229.17, 185.93.229.18, 185.93.229.19, 185.93.229.20, 185.93.229.21, 185.93.230.2, 185.93.230.3, 185.93.230.4, 185.93.230.5, 185.93.230.6, 185.93.230.7, 185.93.230.8, 185.93.230.9, 185.93.230.10, 185.93.230.11, 185.93.230.12, 185.93.230.13, 185.93.230.14, 185.93.230.15, 185.93.230.16, 185.93.230.17, 185.93.230.18, 185.93.230.19, 185.93.230.20, 185.93.230.21';

/* If the real IP is passed in a http header variable other than HTTP_X_FORWARDED_FOR, then you can set the name here; */
$config['Misc']['proxyipheader'] = 'HTTP_X_SUCURI_CLIENTIP';

If you are not able to find that code inside of your /includes/config.php file, you can just add it to the bottom of the file. Make sure you remove the // at the beginning of the 2 lines containing the IP addresses and the header line.

PrestaShop

Create the file /override/classes/Tools.php with the content:

<?php

class Tools extends ToolsCore
{
    /**
    * Get the server variable REMOTE_ADDR, or the first ip of HTTP_X_FORWARDED_FOR (when using proxy)
    *
    * @return string $remote_addr ip of client
    */
    public static function getRemoteAddr()
    {
        // This condition is necessary when using CDN, don't remove it.
        if (isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']) AND $_SERVER['HTTP_X_SUCURI_CLIENTIP'])
        {
            if (strpos($_SERVER['HTTP_X_SUCURI_CLIENTIP'], ','))
            {
                $ips = explode(',', $_SERVER['HTTP_X_SUCURI_CLIENTIP']);
                return $ips[0];
            }
            else
                return $_SERVER['HTTP_X_SUCURI_CLIENTIP'];
        }
        return $_SERVER['REMOTE_ADDR'];
    }
}

and remove the file /cache/class_index.php.

WHMCS

1) Add the PHP code into the configuration.php file; 2) On WHMCS admin, go to Settings -> Security -> Trusted Proxies and add each of the following IP ranges:

192.88.134.0/23
185.93.228.0/22
66.248.200.0/22
2a02:fe80::/29 (in case of IPv6 support)

3) On the "Proxy IP Header" field, insert HTTP_X_SUCURI_CLIENTIP and Save Changes.

Apache

mod_rpaf

mod_rpaf (For Debian Wheezy)

Apache 2.4

Apache 2.4 and above usually comes with mod_remoteip installed, you just need to enable it. If mod_remoteip has not been included in your Apache install you can download it here: mod_remoteip

If you enable the trusted proxy IP setting, you should use the following configuration:

RemoteIPHeader X_FORWARDED_FOR
RemoteIPTrustedProxy 192.88.134.0/23
RemoteIPTrustedProxy 185.93.228.0/22
RemoteIPTrustedProxy 66.248.200.0/22
RemoteIPTrustedProxy 2a02:fe80::/29 # this line can be removed if IPv6 is disabled

If you are using cPanel/WHM, you should add those rules at /usr/local/apache/conf/includes/pre_main_global.conf or in the mod_remoteip configuration file.

You can also add the following line in your /usr/local/apache/conf/includes/post_virtualhost_global.conf file and restart Apache, if you want to see the visitor IP address in the Apache logs:

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Nginx

ngx_http_realip_module

After enabling ngx_http_realip_module you should add the following to your nginx configuration:

# Define header with original client IP
real_ip_header X-Forwarded-For;
# Define trusted Firewall IPs
set_real_ip_from 192.88.134.0/23;
set_real_ip_from 185.93.228.0/22;
set_real_ip_from 66.248.200.0/22;
set_real_ip_from 2a02:fe80::/29; # this line can be removed if IPv6 is disabled

IIS using Advanced Logging

Details here

LiteSpeed

In the LiteSpeed Web Admin Panel go to Configuration -> Server -> General Settings and set Use Client IP in Header to 'Yes'.

To avoid conflicts with LiteSpeed rate limiting, please also add Sucuri Firewall IP ranges on the Allowed List. Go to Configuration -> Server -> Security -> Allowed List and add the following IP addresses:

192.88.134.0/23T, 185.93.228.0/22T, 66.248.200.0/22T, 2a02:fe80::/29T

Note: If you run into issues with the IPv6 addresses (2a02:fe80::/29), and you do not have an IPv6 Addresses assigned to/as host, you should remove those lines from any directive.