VMmanager: Administrator guide
Documentation
/
VMmanager: Administrator guide
/
Users
/
Determining real IP addresses of users
en En
es Es
Add to Favorites
Documentation
/
VMmanager: Administrator guide
/
Users
/
Determining real IP addresses of users

Determining real IP addresses of users

The "Detect users' real IP addresses" (Real IP) module allows the Nginx platform web server to correctly identify a client's IP address. This can be useful for logging, access restriction and other functions.

For example, a connection to the platform can be made through a reverse proxy server. A reverse proxy server relays client requests from the external network to one or more servers logically located on the internal network. If a user, who is allowed to authorize only from certain IP addresses, tries to connect to the platform through a reverse proxy server, the platform will block the authorization attempt. This is due to the fact that the connection will be registered from the IP address of the proxy server and not the real IP address of the user.

To allow authorization for such users, transfer to the platform a list of networks from which the server will receive headers with the user's real IP address.

If a user who is allowed to authorize only from certain IP addresses tries to connect to the platform through a reverse proxy server, the platform will block the authorization attempt. This is because the connection will be registered from the IP address of the proxy server, not the real IP address of the user.

Configuring via platform interface

  1. In the right menu, click the icon → Global settings tab.
  2. In the Detect users' real IP addresses (Real IP) section, click Configure.
  3. Specify the parameters:
    1. Header containing the real IP — the value of the proxy_set_header directive in Nginx. In most cases, a value of X-Forwarded-For or X-Real-IP will be fine. If you use Cloudflare services, specify the value CF-Connecting-IP.
    2. Trusted IP addresses to receive the header — IP addresses and subnets in IPv4 and IPv6 format from which the server will receive headers with the real IP address of the user. Check with your provider for an up-to-date list of networks. For example, the list of Cloudflare networks is available at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.
    3. Click the Edit button.

To change the settings, in the Detect users' real IP addresses (Real IP) section, click Edit.

To remove the settings, in the Detect users' real IP addresses (Real IP) section, click Disable.

Configuring via API

  1. Get the authorization token: 
    curl -k -X POST -H "accept: application/json" -H "Content-Type: application/json" 'https://domain.com/auth/v4/public/token' -d '{"email": "admin_email", "password": "admin_pass"}'
    Comments to the command

    In response, you will get the message in the form:

    Example of response in JSON
    {
  "confirmed": true,
  "expires_at": null,
  "id": "6",
  "token": "4-e9726dd9-61d9-2940-add3-914851d2cb8a"
}

    Save the received token value.

  2. Perform a request of the form:  
    curl -k -X POST 'https://example.com/auth/v4/realip/trusted_servers' -d '{"header": "<proxy_set_header>", "ips": ["<network_1>","<network_2>","<network_3>",...,"<network_N>"]}' -H 'x-xsrf-token: <token>'
    Comments
    Example command
    curl -k -X POST 'https://example.com/auth/v4/realip/trusted_servers' -d '{"header": "CF-Connecting-IP", "ips": ["173.245.48.0/20","103.21.244.0/22","103.22.200.0/22"]}' -H 'x-xsrf-token: 4-e9726dd9-61d9-2940-add3-914851d2cb8a'

To check the list of added networks, perform a request: 

curl -k -X GET 'https://example.com/auth/v4/realip/trusted_servers' -H 'x-xsrf-token: <token>'

To delete the list of added networks, perform the request:

curl -k -X DELETE 'https://example.com/auth/v4/realip/trusted_servers' -H 'x-xsrf-token: <token>'
Comments to the commands

The article was last updated on 09.10.2025. The article was prepared by technical writers of ISPsystem