- Enable mod_remoteip
$ sudo a2enmod remoteip - Add “RemoteIPHeader X-Forwarded-For” to the Apache configuration
- Change the Apache log format, substituting %h for %a
Find the matching LogFormat
line in your Apache conf and change:
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
to:
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
Example, blocking direct requests that bypass Cloudflare:
- Modify Apache configuration for a particular site:
<Directory /var/html/website/public>
Order deny,allow
Deny from all
Allow from 173.245.48.0/20