Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Display the real IP in Web Application Firewall (WAF) when using Cloudflare

Many of us are using Cloudflare or similar services to protected their Extranet / Webmail and other public websites using the Sophos WAF. It's possible to display the real IP addresses on any Linux servers behind the firewall by enabling Pass host header in WAF rule. Simply enable the remoteip module in Apache2 and add this to your vhost configuration:

RemoteIPHeader X-Client-IP
RemoteIPHeader X-Forwarded-For
RemoteIPProxiesHeader X-Forwarded-By
RemoteIPInternalProxy 10.66.66.1

And configure the log format in apache2.conf:

SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" forwarded
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
CustomLog ${APACHE_LOG_DIR}/access.log forwarded env=forwarded

However, how can I configure the Sophos Log Viewer to display the real user IP addresses?



Added FR TAG
[edited by: Erick Jan at 12:13 AM (GMT -7) on 8 Oct 2024]