flant / nginx-http-rdns

Nginx HTTP rDNS module

This module doesn't work with cloudflare. #19

Open fromhell39 opened 4 years ago

fromhell39 commented 4 years ago

I want to use this module behind cloudflare. But I failed to run it. What does it take to work with CloudFlare?

fromhell39 commented 4 years ago

Please help me, I want to use this module with cloudflare :/

9mido commented 4 years ago

@distorhead @shurup @distol @Haelle @itpp16 @blechschmidt

Maintainers, any advice on this? I also want to be able to use this with the free cloudflare DDoS protection. Besides that, I imagine there might be problems with reverse proxies/load balancers if the user above had problems. But issue #13 has comments which seem to address the load balancing issue.

@fromhell39 were you able to figure it out? If so, please comment here to help others out. If not, please share your configuration you used that is not working.

I found a question on stackoverflow with the same cloudflare issue but it has no answer yet:

https://stackoverflow.com/questions/62445810/nginx-http-rdns-with-cloudflare

I have made a question with an answer here:

https://serverfault.com/questions/1031622/nginx-reverse-dns-with-cloudflare/1031640#1031640

Can someone confirm if this fixes the cloudflare compatibility problem?

shurup commented 4 years ago

@9mido: I am sorry but we at Flant (the first 3 users you're appealing to) have stopped supporting this module for a long time already as we don't use it anymore and can't afford maintaining the code base. Since it's Open Source, we would be grateful for contributions from community though. Any investigations and fixes are welcome!

imndr commented 4 years ago

@9mido @fromhell39 You actually can’t use it behind cloudflare, because the incoming IP address is the cloudflare one. You can edit it from the source code. I can do that if you still needing that feature.

9mido commented 4 years ago

@imndr What do you need to edit from the source code to get it to work (if you mean the incoming IP address where is it in the source)? If you could make a pull request to get it to work with cloudflare that would be so awesome we would all be so grateful.

Just guessing here. Do you mean the reverse DNS lookup behind a Cloudflare host won't work because the server that would be requesting the reverse DNS lookup would be receiving the Cloudflare IP and not the original client's IP address? Maybe cloudflare is attaching that information somewhere on the incoming request, and then performing the PTR lookup with that. If true, that would mean it doesn't work for all reverse proxy setups, and not just Cloudflare.

imndr commented 4 years ago

@9mido you could use Nginx's embedded real_ip module ( http://nginx.org/en/docs/http/ngx_http_realip_module.html ), in order to restore the real visitor IP behind a reverse proxy. For the CloudFlare's specific case:

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;
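
A simplified model of the decision the realip configuration above makes, added here as an illustration (not code from nginx, the rdns module or anyone in this thread): the `CF-Connecting-IP` value replaces the connection address only when the TCP peer falls inside a `set_real_ip_from` range. The function name and the sample addresses are constructed, and only a subset of the ranges from the comment is listed.

```python
import ipaddress

# Subset of the set_real_ip_from ranges quoted in the comment above.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "103.21.244.0/22", "104.16.0.0/12", "162.158.0.0/15",
    "172.64.0.0/13", "173.245.48.0/20", "2606:4700::/32",
)]


def effective_client_ip(peer_ip, headers, header_name="CF-Connecting-IP"):
    """Return the address later request stages would treat as the client.

    Hypothetical helper modelling realip's rule: the header is honoured
    only when the connection comes from a listed proxy range.
    """
    peer = ipaddress.ip_address(peer_ip)

    # A direct client can send any header it likes, so the header is
    # ignored unless the peer itself is a trusted proxy.
    if not any(peer in net for net in TRUSTED_PROXIES):
        return str(peer)

    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == header_name.lower()), None)
    if value is None:
        return str(peer)

    # A missing or malformed value leaves the connection address in place.
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return str(peer)


if __name__ == "__main__":
    # Constructed sample requests using documentation address ranges.
    samples = [
        ("172.68.10.5", {"CF-Connecting-IP": "203.0.113.7"}),    # via proxy
        ("198.51.100.20", {"CF-Connecting-IP": "203.0.113.7"}),  # direct, forged header
        ("104.16.1.1", {"CF-Connecting-IP": "not-an-ip"}),       # malformed header
    ]
    for peer, hdrs in samples:
        print(peer, "->", effective_client_ip(peer, hdrs))
```

Any hostname-based allow or deny rule evaluated after this step is only as trustworthy as the proxy range list, which is why the header must never be accepted from peers outside it.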

9mido commented 3 years ago

@imndr right that is from the serverfault link that I made. I was confused by what you meant by "you can edit from the source code" Which file and which lines in the file to add it to?

You also say "I can do that if you still needing that feature." Did you do it? What did you do, make a PR? Sorry but I am still confused by what you meant.

Also, can someone confirm if this module works with a cloudflare competitor bitmitigate?