Add original IP from Cloudflare traffic on Lighttpd logs Home

Cloudflare, as expected from a reverse proxy, hides the original IP address for both ends of the connection. However, such information is of value to webmasters, since the original request IP would appear on logs otherwise.

So, here's a few configuration lines to reenable original IPs on Lighttpd logs. They have to appear as an extra field, since the common IP field is filled with Cloudflare IPs.

It enables the mod_magnet in order to execute lua scripts. The script shown bellow will write a special response header that goes into the log instead of the requesting client.

server.modules = (
	magnet.attract-raw-url-to = ( "original_ip_on_log.lua" )
accesslog.format = " ... %{X-LIGHTTPD-IP}o" 

local r = lighty.r
if r.req_header["CF-CONNECTING-IP"] ~= nil then
	r.resp_header["X-LIGHTTPD-IP"] = r.req_header["CF-CONNECTING-IP"]
return 0;

Reload and hopefully it must work.

If you just need to replace the IP, discarding the Cloudflare one, get a list of Cloudflare's IP ranges and use mod_extforward as described in support. This protects against spoofed CF-CONNECTING-IP headers if you're going to use this information beyond mere logging.