Real Client IPs with LiteSpeed
LiteSpeed Web Server (LSWS) provides functionality to correct client IP addresses via the X-Forwarded-For request header. There are a few manual steps you must take initally to configure your server for this. Once LiteSpeed is configured properly, its configuration, .htaccess files, request logs, and CGI/PHP scripts will see correct client IPs.
Get in touch with Cachewall support if you're facing any problems.
Configuring LiteSpeed
LiteSpeed should be running before continuing.
-
Open WebHost Manager > LiteSpeed Web Server > LiteSpeed Configuration > LiteSpeed WebAdmin Console.
-
Navigate to Configuration > Server > General tab. Choose Edit alongside the General Settings section.
-
Change option Use Client IP in Header to Trusted IPs Only and save.
-
Navigate to Configuration > Server > Security tab. Choose Edit alongside the Access Control section.
-
A comma-separated list of the server's local interface IP addresses must be added to the Allowed List field.
Each IP should end with a trailing "T" character. We've put together a command to generate this list in the correct format:
echo $(ip addr list | grep inet | tr -s ' ' | cut -d ' ' -f3 | cut -d '/' -f1 | sed -e 's/$/T/') | tr ' ' ','
Copy the output of this command into the Allowed List field and save.
If there's an existing value in the Allowed List, such as "ALL", place a comma between that and the added IPs.
An "ALL" value in this field should not have a trailing "T".
Here's an example on how to updated field should appear:
-
Perform a Graceful Restart of LiteSpeed Web Server to pick up the changes.
See Verifying Real Client IPs to confirm your configuration.