Set up X-Forwarded-For in cPanel/WHM


The X-Forwarded-For header needs to be set up in the web server that serves your domains.

Please insert your server’s IP addresses in place of “INSERT YOUR IP ADDRESS(ES) HERE”.

What web server do you use?

I use Apache

The WAF module requires the remoteip_module.

Please make sure it is installed on the server.
In Apache, you can check whether the remoteip_module is installed with the apachectl -M | grep remoteip command.

Go to:

  1. Home
  2. Service Configuration
  3. Apache Configuration
  4. Include Editor
  5. Pre Main Include (here choose All Versions)
  6. Enter the following text into the text field:
    <IfModule remoteip_module>
        RemoteIPHeader X-Forwarded-For
        RemoteIPInternalProxy INSERT YOUR IP ADDRESS(ES) HERE
    </IfModule>
  7. Set the LogFormat under “Global Configurations” to
    "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  8. Then save the changes and restart Apache

In the Apache X-Forwarded-For configuration, separate multiple IP addresses with a space, e.g.: 1.2.3.4 2.3.4.5

I use LiteSpeed

Go to the LiteSpeed Configuration menu, select Server and then select General. In the General / Settings menu you will find Use Client IP in Header.
Select Trusted IP Only here.

You can add the IP address(es) of your server to the Allowed list, which is under the General tab, under Security, at Access Control.
You just need to add your server’s IP addresses separated with space.
You can check the syntax here: https://www.litespeedtech.com/docs/webserver/config/security#accessControl_allow

Entering “ALL” into the Allowed list is not sufficient.

If your server has an IP range or IP ranges, you can add the range to the Allowed list and add “T” after it, e.g.: 1.2.3.0/24T
If the server’s IP addresses are not within one range, you need to add the IP addresses one by one, separated with a comma (,).
If you need to add multiple IP ranges, you can do that the same way, separating the ranges with commas (,).
e.g.: 1.2.3.1,1.2.3.2,12.13.14.0/12,199.199.5/30

Please also check that the log format under the Log tab, under the General tab, looks like this:

"%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

After this is done, save the changes and restart LiteSpeed.

I use Nginx

  1. Open the Engintron plugin in WHM (if you are not using any control panel, skip to step 2)
  2. Click on Edit nginx.conf
  3. Insert the following lines before the real_ip_header X-Forwarded-For line:
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on;
    # e.g. trusted IPs:
    set_real_ip_from 192.168.0.0/16;
    set_real_ip_from 127.0.0.0/8;
    set_real_ip_from <INSERT YOUR IP ADDRESS(ES) HERE>;
  4. Please also check that the log format in the file looks like this:
    "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  5. After this, save the changes and restart Nginx

If you use a reverse proxy

Set up the X-Forwarded-For header in your reverse proxy too if you use one.
If you use a reverse proxy in front of your web server, setting up the X-Forwarded-For header only in the web server is not sufficient.
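
How a web server configured as above chooses the client address from X-Forwarded-For, shown as an added example that is not part of the original article or of any vendor's code. It is a simplified Python model of the right-to-left evaluation performed by Apache's remoteip_module and by nginx with real_ip_recursive on; the function name, the TRUSTED list and all addresses are constructed (198.51.100.10 stands in for “INSERT YOUR IP ADDRESS(ES) HERE”).

```python
import ipaddress

# Constructed sample: the two ranges from the nginx snippet plus a stand-in
# for the server's own address (placeholder, not a value from the article).
TRUSTED = ["192.168.0.0/16", "127.0.0.0/8", "198.51.100.10"]


def resolve_client_ip(peer_ip, xff_header, trusted_proxies=TRUSTED):
    """Return the address the server would log for %a / act on in the WAF."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def is_trusted(ip):
        return any(ip in net for net in nets)

    current = ipaddress.ip_address(peer_ip)
    # The header is honoured only when the TCP peer is itself a trusted proxy.
    if not xff_header or not is_trusted(current):
        return str(current)

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):          # nearest proxy is the rightmost entry
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break                       # malformed entry: keep last good value
        current = candidate
        if not is_trusted(current):
            break                       # first untrusted hop is the client
    return str(current)


if __name__ == "__main__":
    cases = [
        ("198.51.100.10", "203.0.113.7"),               # normal proxied hit
        ("198.51.100.10", "10.9.9.9, 203.0.113.7"),     # extra client-sent entry
        ("203.0.113.50", "192.0.2.1"),                  # direct, untrusted peer
        ("127.0.0.1", "203.0.113.7, 192.168.0.5"),      # two trusted hops
    ]
    for peer, xff in cases:
        print(f"peer={peer:15} XFF={xff!r:28} -> {resolve_client_ip(peer, xff)}")
    # Over-broad trust makes the leftmost, client-supplied value win:
    print(resolve_client_ip("198.51.100.10", "10.9.9.9, 203.0.113.7", ["0.0.0.0/0"]))
```

The last call shows why the trusted list should contain only your own server and proxy addresses: once every address is trusted, the logged IP is whatever the request header claims.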

Enable the WAF module

You can enable the module from the Dashboard by clicking on the server’s card and then clicking on Setting. You just need to click on the switch icon next to the WAF 2.0 module.

Settings

You can reach the WAF module’s settings by clicking on the Firewall menu item at the top and then selecting the Web Application Firewall menu item.

Let's test the WAF

You can test whether the WAF module is working by adding /?test=/etc/passwd after one of the domains hosted on the server, e.g.: www.example.com/?test=/etc/passwd. This request will trigger the WAF module.

You can also test the module by following this guide.
