My aaPanel runs behind Cloudflare, in one of the ports Cloudflare supports.
Everytime I log at the aaPanel, I get an alert by email, with the following content:
Panel Login Alert
ServerHost: aaPanel Linux panel
IP Address: 88.123.77.100(Internet) 88.123.77.100(Internal)
Send Time: 2024-07-26 13:33:35
Login type: account
Account: vkxxxxxx
IP address: 172.70.103.132:51656
Login status: Success
The email is useful as an extra step for safety.
The problem is that the "IP address" of who logged-in ("172.70.103.132" in the above example) is always a Cloudflare IP, instead of the real IP.
That is because the aaPanel extract the IP directly, instead of look in the heads of the request.
For who is behind Cloudflare, the way to get the real IP is by retrieving the "CF-Connecting-IP" header (or "CF-Connecting-IPv6"), as explained here:
https://developers.cloudflare.com/fundamentals/reference/http-request-headers/
This is my suggestion to improve aaPanel, to include support to extract the real IP for when the panel is behind Cloudflare.
Thank you for making this great panel.