Real Client IPs with LiteSpeed

LiteSpeed Web Server (LSWS) provides functionality to correct client IP addresses via the X-Forwarded-For request header. There are a few manual steps you must take initally to configure your server for this. Once LiteSpeed is configured properly, its configuration, .htaccess files, request logs, and CGI/PHP scripts will see correct client IPs.

Get in touch with Cachewall support if you're facing any problems.

Configuring LiteSpeed

LiteSpeed should be running before continuing.

  1. Open WebHost Manager > LiteSpeed Web Server > LiteSpeed Configuration > LiteSpeed WebAdmin Console.

  2. Navigate to Configuration > Server > General tab. Choose Edit alongside the General Settings section.

  3. Change option Use Client IP in Header to Trusted IPs Only and save.

  4. Navigate to Configuration > Server > Security tab. Choose Edit alongside the Access Control section.

  5. A comma-separated list of the server's local interface IP addresses must be added to the Allowed List field.

    Each IP should end with a trailing "T" character. We've put together a command to generate this list in the correct format:

    echo $(ip addr list | grep inet | tr -s ' ' | cut -d ' ' -f3 | cut -d '/' -f1 | sed -e 's/$/T/') | tr ' ' ','

    Copy the output of this command into the Allowed List field and save.

    If there's an existing value in the Allowed List, such as "ALL", place a comma between that and the added IPs.

    An "ALL" value in this field should not have a trailing "T".

    Here's an example on how to updated field should appear:

  6. Perform a Graceful Restart of LiteSpeed Web Server to pick up the changes.

See Verifying Real Client IPs to confirm your configuration.

Still need help? Contact Us Contact Us