{"id":1588,"date":"2026-05-19T14:01:59","date_gmt":"2026-05-19T19:01:59","guid":{"rendered":"https:\/\/it.thelibrarie.com\/weblog\/?p=1588"},"modified":"2026-05-19T14:01:59","modified_gmt":"2026-05-19T19:01:59","slug":"cloudflare-apache-access_log-127-0-0-1","status":"publish","type":"post","link":"https:\/\/it.thelibrarie.com\/weblog\/2026\/05\/cloudflare-apache-access_log-127-0-0-1\/","title":{"rendered":"Cloudflare Apache access_log 127.0.0.1"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Running a standard Apache2 website behind a Cloudflare tunnel and I see that any access attempts are logged with:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>127.0.0.1 - - [19\/May\/2026:18:40:18 +0000] \"GET \/ HTTP\/1.1\" 304 248 \"-\" \"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/148.0.0.0 Safari\/537.36\"<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We&#8217;ll need to enable apache&#8217;s remoteip module, configure our apache site&#8217;s conf to include the required cloudflare header, change our apache logformat syntax, and then define the trusted cloudflare proxy IP&#8217;s. Sounds harder than it really is, so here are the commands.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Enable the Apache remoteip Module<br><\/strong><code>sudo a2enmod remoteip<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Update your apache site conf file<br><\/strong><code>nano \/etc\/apache2\/sites-available\/000-default.conf<\/code><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-style-plain is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">ServerAdmin webmaster@localhost<br>DocumentRoot \/var\/www\/html<br>ServerName my.awesome.server<br>RemoteIPHeader CF-Connecting-IP<br>ErrorLog ${APACHE_LOG_DIR}\/error.log<br>CustomLog ${APACHE_LOG_DIR}\/access.log combined<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Update the Apache LogFormat Syntax<br><\/strong><code>nano \/etc\/apache2\/apache2.conf<br><\/code><strong>Search for<\/strong> LogFormat &#8220;%h %l %u %t &#8220;%r&#8221; %>s %O &#8220;%{Referer}i&#8221; &#8220;%{User-Agent}i&#8221;&#8221; combined<br><strong>Replace with<\/strong> LogFormat &#8220;%a %l %u %t &#8220;%r&#8221; %>s %O &#8220;%{Referer}i&#8221; &#8220;%{User-Agent}i&#8221;&#8221; combined<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Create Remote IP Trusted Proxy File<br><\/strong><code>nano \/etc\/apache2\/conf-available\/remoteip.conf<\/code><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">RemoteIPHeader CF-Connecting-IP<br>RemoteIPTrustedProxy 173.245.48.0\/20<br>RemoteIPTrustedProxy 103.21.244.0\/22<br>RemoteIPTrustedProxy 103.22.200.0\/22<br>RemoteIPTrustedProxy 103.31.4.0\/22<br>RemoteIPTrustedProxy 141.101.64.0\/18<br>RemoteIPTrustedProxy 108.162.192.0\/18<br>RemoteIPTrustedProxy 190.93.240.0\/20<br>RemoteIPTrustedProxy 188.114.96.0\/20<br>RemoteIPTrustedProxy 197.234.240.0\/22<br>RemoteIPTrustedProxy 198.41.128.0\/17<br>RemoteIPTrustedProxy 162.158.0.0\/15<br>RemoteIPTrustedProxy 104.16.0.0\/13<br>RemoteIPTrustedProxy 104.24.0.0\/14<br>RemoteIPTrustedProxy 172.64.0.0\/13<br>RemoteIPTrustedProxy 131.0.72.0\/22<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">You can <em>grab the updated list from https:\/\/www.cloudflare.com\/ips-v4\/# or https:\/\/cloudflare.com\/ips\/<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Test Apache Configuration<br><\/strong><code>sudo apache2ctl configtest<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Restart Apache Services<br><\/strong><code>sudo apache2ctl restart<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Running a standard Apache2 website behind a Cloudflare tunnel and I see that any access attempts are logged with: 127.0.0.1 &#8211; &#8211; [19\/May\/2026:18:40:18 +0000] &#8220;GET \/ HTTP\/1.1&#8221; 304 248 &#8220;-&#8221; &#8220;Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/148.0.0.0 Safari\/537.36&#8221; We&#8217;ll need to enable apache&#8217;s remoteip module, configure our apache site&#8217;s conf to &hellip; <a href=\"https:\/\/it.thelibrarie.com\/weblog\/2026\/05\/cloudflare-apache-access_log-127-0-0-1\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Cloudflare Apache access_log 127.0.0.1<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-1588","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/posts\/1588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/comments?post=1588"}],"version-history":[{"count":1,"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/posts\/1588\/revisions"}],"predecessor-version":[{"id":1589,"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/posts\/1588\/revisions\/1589"}],"wp:attachment":[{"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/media?parent=1588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/categories?post=1588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it.thelibrarie.com\/weblog\/wp-json\/wp\/v2\/tags?post=1588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}