Report this

What is the reason for this report?

All traffic from Frankfurt in Apache logs on Wordpress Droplet using Cloudflare

Posted on November 27, 2020

I have a Droplet, created using the marketplace wordpress image, using Cloudflare DNS, and my issue is that all traffic looks like it’s coming from Frankfurt, which is the datacenter where the droplet is hosted. This is what I have in apache access log. How can I fix this?

162.158.88.37 - - [27/Nov/2020:10:29:39 +0000] "GET /shop/ HTTP/1.1" 200 24005 "/prodotto/spro2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.89.180 - - [27/Nov/2020:10:29:41 +0000] "GET /wp-content/uploads/2018/04/piastra_mouse-1-100x100.jpg HTTP/1.1" 304 3963 "/shop/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.90.59 - - [27/Nov/2020:10:29:41 +0000] "GET /wp-content/uploads/2019/02/1-100x100.jpg HTTP/1.1" 304 3963 "/shop/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:29:44 +0000] "GET /categoria-prodotto/postazioni/ HTTP/1.1" 200 28585 "/shop/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.93.248 - - [27/Nov/2020:10:29:54 +0000] "GET /wishlist/ HTTP/1.1" 200 22508 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
162.158.88.37 - - [27/Nov/2020:10:29:54 +0000] "GET /prodotto/src-sport/ HTTP/1.1" 200 38840 "/categoria-prodotto/postazioni/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:29:56 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 6102 "/prodotto/src-sport/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:29:56 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2341 "/prodotto/src-sport/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.91.240 - - [27/Nov/2020:10:29:59 +0000] "POST /?wc-ajax=get_refreshed_fragments HTTP/1.1" 200 4656 "/wishlist/" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.140 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
162.158.94.227 - - [27/Nov/2020:10:30:03 +0000] "GET /categoria-prodotto/accessories-en/?lang=en&add-to-cart=3873&add_to_wishlist=2894 HTTP/1.1" 302 4173 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
162.158.91.112 - - [27/Nov/2020:10:30:07 +0000] "GET /area-clienti/pagamenti/cassa/ HTTP/1.1" 200 21315 "-" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://aspiegel.com/petalbot)"
162.158.88.37 - - [27/Nov/2020:10:30:10 +0000] "GET /categoria-prodotto/postazioni/ HTTP/1.1" 200 28585 "/prodotto/src-sport/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:30:13 +0000] "GET /prodotto/s1p/ HTTP/1.1" 200 34787 "/categoria-prodotto/postazioni/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:30:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 6102 "/prodotto/s1p/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:30:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 6102 "/prodotto/s1p/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"
162.158.88.37 - - [27/Nov/2020:10:30:16 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2349 "/prodotto/s1p/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47"


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi there @nicolapeluchetti,

What you would need to do in this case is to use mod_remoteip so that you could retrieve the real IP address of your visitors rather than the Cloudflare proxy IPs.

  • First enable the module:
  1. sudo a2enmod remoteip
  • Then update your virtual host and include RemoteIPHeader CF-Connecting-IP:
sudo nano /etc/apache2/sites-available/000-default.conf

Note: In case that you have multiple Vhosts change the 000-default.conf with your site-specific config file

  • Then under your server name add the following:
  1. RemoteIPHeader CF-Connecting-IP

Your Vhost would look something like this:

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName domain.com
RemoteIPHeader CF-Connecting-IP
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
  • Then update the Apache config to adjust the logging format:
sudo nano /etc/apache2/apache2.conf
  • Find the LogFormat line and change it to:
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
sudo nano /etc/apache2/conf-available/remoteip.conf

And add the following:

RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32
  • Finally run a config test:
  1. sudo apachectl -t
  • And then restart Apache:
  1. sudo systemctl restart apache2

Here is a link to Cloudflare the documentation on the same topic:

https://support.cloudflare.com/hc/en-us/articles/360029696071

Regards, Bobby

@bobbyiliev thanks a lot, I hadn’t found that on cloudflare. The only difference is that I had to modify the “sites-enabled” folder files instead of the “sites-available”, but everything else worked perfectly!

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.