Show Real Visitor IP Instead of Cloudflare's in cPanel

I’m using Apache and someone is doing some bruteforce to XMLRPC Wordpress interface. When I checked the Apache Status I mostly see IPs from Cloudflare.

What’s the best way to get the real IP? I’ve read mod_cloudflare is not being maintaned anymores.

They’re now supporting mod_remoteip for Apache2. Kindly refer to the Cloudflare docs.

1 Like

I’n following it.

What would be the best place where to put the configuration in steps 2 and 3, so they won’t be overridden on update?

Best place to add custom Apache directives is here
WHM Home » Service Configuration » Apache Configuration » Include Editor » Post VirtualHost Include » All Versions