Overcoming the Challenges of CDN Services: Uncovering the Real IP Address

When analyzing security policy and site logs, it’s essential to obtain and record the real IP addresses of visitors. However, when a CDN service is enabled, the IP addresses recorded in Nginx logs are often those of the CDN server nodes, not the actual user’s IP address. This can lead to inaccurate analysis and potential security risks.

The Problem with CDN Services and Nginx Logging

By default, Nginx logs the IP address of the CDN server node, which can be misleading when analyzing visitor data. As shown in Figure 1, the IP addresses recorded in the log are often those of the CDN server nodes, such as 183.131.214.25 and 59.56.78.45.

A Solution Based on Nginx Configuration

Fortunately, Nginx can be configured to record the real IP address of visitors even when requests arrive through a CDN. This method relies entirely on Nginx configuration and works by changing what the access log records.

Step 1: Modify the Nginx Configuration

First, add a map block to the http context of the Nginx configuration file (nginx.conf) that extracts the user's real IP address and assigns it to a variable:

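map $http_x_forwarded_for $clientRealIp {
    # No X-Forwarded-For header: fall back to the connecting address.
    "" $remote_addr;
    # Otherwise capture the first address listed in the header.
    ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}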

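This block maps the X-Forwarded-For request header ($http_x_forwarded_for) to the $clientRealIp variable. If the header is empty, the variable falls back to $remote_addr; otherwise it takes the first address in the header. Because X-Forwarded-For is a request header, that first address is only reliable when the CDN sets or sanitizes it; a value supplied by the client itself is otherwise logged as is.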

Step 2: Replace $remote_addr in the Log Format

Next, we need to replace $remote_addr in the log format with $clientRealIp to record the real IP address:

# $brotli_ratio is provided by the ngx_brotli module; remove it if that module is not loaded.
log_format main '$clientRealIp - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent $brotli_ratio "$http_referer" '
                '"$http_user_agent"';

This modified log format will record the real IP address of the visitor.

Step 3: Apply the Log Format Configuration

Finally, we need to apply the modified log format to the site's access log by adding the following directive to the site's configuration file:

access_log /home/wwwlogs/www.xxxxxxxx.com.log main;

This will generate a log file with the real IP address of visitors.

Restart Nginx and Verify the Results

After restarting Nginx, the log file will contain the real IP addresses of visitors instead of the CDN node IP addresses. This can be verified by watching the log file in real time.

Advantages of this Method

This method has several advantages, including:

  • Minimal performance impact: This method does not rely on any third-party modules and is built entirely using Nginx configuration.
  • Accurate log analysis: By recording the real IP address of visitors, we can accurately analyze visitor data and prevent potential security risks.
  • Improved security: This method can help guard against malicious requests and injected IP addresses, allowing us to apply targeted defense strategies.
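
The following is an added example, not part of the original article. It reproduces in Python what the Step 1 map assigns to $clientRealIp and compares it with a right-to-left walk of X-Forwarded-For that only trusts hops written by known CDN nodes. It assumes the CDN appends the address it saw to the header. TRUSTED_CDN_NETS and the sample requests are constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed for illustration: stands in for the CDN's published edge ranges.
TRUSTED_CDN_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Same pattern as the map block in Step 1: capture the first header entry.
FIRST_ADDR = re.compile(r"^(?P<firstAddr>[0-9.]+),?.*$")

def map_first_addr(xff, remote_addr):
    """Value the map assigns to $clientRealIp."""
    if not xff:
        return remote_addr                    # "" -> $remote_addr
    m = FIRST_ADDR.match(xff)
    return m.group("firstAddr") if m else ""  # no match and no default: empty string

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)           # raises ValueError on malformed input
    return any(addr in net for net in TRUSTED_CDN_NETS)

def trusted_client_ip(xff, remote_addr):
    """Right-most address that was not written by a trusted CDN node."""
    if not is_trusted(remote_addr):
        return remote_addr                    # not from the CDN: ignore the header
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break                             # malformed entry: stop trusting the chain
    return remote_addr

# Constructed samples: (connecting address, X-Forwarded-For as received by Nginx).
SAMPLES = [
    ("198.51.100.7", "203.0.113.9"),              # CDN forwards one visitor address
    ("198.51.100.7", "192.0.2.55, 203.0.113.9"),  # header already set before the CDN appended
    ("203.0.113.9", "192.0.2.55"),                # request reached the origin without the CDN
    ("198.51.100.7", "2001:db8::1"),              # IPv6 visitor
    ("203.0.113.9", ""),                          # no header at all
]

def compare(samples=SAMPLES):
    """Return (map value, trusted value) for each sample."""
    return [(map_first_addr(x, r), trusted_client_ip(x, r)) for r, x in samples]

if __name__ == "__main__":
    for (remote, xff), (logged, trusted) in zip(SAMPLES, compare()):
        print(f"remote={remote:<13} xff={xff!r:<28} map={logged!r:<14} trusted={trusted}")
```

Rows where the two values differ are the cases to review before relying on $clientRealIp for blocking or rate limiting. The IPv6 row also shows that the map's digits-and-dots pattern logs only a fragment of an IPv6 address.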

Conclusion

In conclusion, overcoming the challenges of CDN services and obtaining the real IP address of visitors is crucial for accurate log analysis and security. By modifying the Nginx configuration, we can see past the CDN node addresses and record the real IP address of visitors, improving the accuracy of our log analysis and security measures.