Thank you for watching

If you are looking to get the real ip of the client it is a pretty simple change, however the change needs to be made in Nginx proxy manager. In the Nginx proxy manager , open a proxy host and go to advance configuration then paste the following: set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/13; set_real_ip_from 104.24.0.0/14; set_real_ip_from 108.162.192.0/18; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2a06:98c0::/29; set_real_ip_from 2c0f:f248::/32; real_ip_header CF-Connecting-IP; real_ip_recursive on; Once pasted, save and repeat for all your other proxy hosts if needed. The above config is a list of cloudflare IP's and will replace the source ip header with the clients ip actual ip. Now you can go back to openappsec and set source identity to "source IP" and enforce the policy. Thats it, you should be able to now get the clients IP instead of cloudflares. Note: The X-Forwarded-For Header only will accept single IPs and not subnets such as 10.0.0.1/24. So this will work if you have an internal proxy and not cloudflare. Please like and share!

Yes there is a self hosted option. I’m actually working on a video for that!

Yes you can install it on Nginx without NPM. I am working on a Nginx video

Head over to hub.geek2gether.com/c/openappsec/17 and post a question about what you need help with.

OK, thank you, I'll wait for your answer there​@@geek2gether469