If you are using cPanel/WHM please make sure to open/allow the 60418 port on TCP on your server and on the firewall in front of it (if there is one). It is required for the CaptchaHTTPS service.
This header needs to be set up in your web server used to serve your domains.
Please insert your server’s IP addresses in the place of “INSERT YOUR IP ADDRESS(ES) HERE“.
What web server do you use?
I use Apache
Please make sure it is installed on the server.
In Apache, you can check if the remoteip_module is installed with the
apachectl -M |grep remoteip command. Go to:
- Home
- Service Configuration
- Apache Configuration
- Include Editor
- Pre Main Include ( Here choose All version )
- Please enter the following text into the text field
<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy INSERT YOUR IP ADDRESS(ES) HERE
</IfModule>- Set the LogFormat (combined) under “Global Configurations” to
%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" - Then save the changes and restart Apache
In case of multiple IP addresses separate the IPs with space. e.g.: 1.2.3.4 2.3.4.5
I use LiteSpeed
Please go to the LiteSpeed Configuration menu and select the Server and select General. In General / Settings menu you can see Use Client IP in Header.
Here select Trusted IP Only.
You can add the IP address(es) of your server under General tab under Security at Access Control at the Allowed list.
You just need to add your server’s IP addresses separated with space.
You can check out the syntax here: https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow
If your server has an IP range or IP ranges you can add the range to the Allowed list and add “T” after. e.g.: 1.2.3.0/24T
If the server’s IP addresses are not within one range you need to add the IP addresses one-by-one separated with a comma(,).
If you need to add multiple IP ranges you can do that the same way, separating the ranges with commas(,).
e.g.: 1.2.3.1,1.2.3.2,12.13.14.0/12,199.199.5/30
Change the Logformat setting under the General tab/ Log tab to look like this:
%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
After this is done save the changes and restart Litespeed.
I Use Nginx
- Open the Engintron plugin in WHM (if you are not using any ControlPanel, skip to step 2)
- Click on the Edit nginx.conf
- Insert the following codes before the real_ip_header X-Forwarded-For line:
real_ip_header X-Forwarded-For;
real_ip_recursive on;
Eg trusted ips:
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 127.0.0.0/8;
set_real_ip_from <INSERT YOUR IP ADDRESS(ES) HERE>;- Please also check the logformat in the file if it looks like this:
%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined- After this Save the changes and restart Nginx
Set up the X-Forwarded-For header in your reverse proxy too if you use one.
If you use a reverse proxy in front of your web server then setting up the X-Forwarded_for header only in the web server is not sufficient.
Enable the WAF module
You can enable the module from the Dashboard/ Servers by clicking on the cogwheel next to the server’s name. You just need to click on the switch icon next to the WAF 2.0 module.
You can reach the WAF rules by clicking on the Firewall menu point at the top and then selecting the Web Application Firewall menu point.
You can test if the WAF module is working if you add
/?test=/etc/passwd after one of the domains hosted on the server. e.g.: www.example.com/?test=/etc/passwd It will trigger the WAF module.You can also test the module by following this guide.