This happens when we have a reverse proxy Nginx->Apache set up on the server. To be precise, when the Apache based website is behind the reverse proxy(Nginx). In such cases, we may see the accessing IPs on the website access logs as server’s local IP address itself. This behavior is because the reverse proxy or load balancer acts as client to Apache and the Apache sees the internal IP address on its website access log. This doesn’t help an administrator to track down real client IP addresses that access from the outside world.
We can use mod_rpaf module in this case for the Apache.
My machine here is a Centos/cPanel system.
cd /root wget https://github.com/y-ken/mod_rpaf/archive/master.zip unzip master.zip
Now compile it
cd mod_rpaf-master/ apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
Finally, add the module to install Mod_rpaf on cPanel
LoadModule rpaf_module modules/mod_rpaf-2.0.so <IfModule mod_rpaf-2.0.c> RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 xx.xx.xx.xx </IfModule>
Restart Apache to apply the changes:
service httpd restart
A good replacement for mod_rpaf is mod_remoteip which can be installed via Easyapache itself on the cPanel servers.