iplogger/
├── app/
│ ├── index.js # Logger + Redirect handler (Node.js)
│ ├── package.json
│ └── Dockerfile
├── dashboard/
│ ├── index.html # Dashboard UI
│ └── nginx.conf
├── proxy.conf # Nginx Reverse Proxy configuration
└── docker-compose.yml
| Field | Details |
|---|---|
| IP Address | Including real client IP via Cloudflare's CF-Connecting-IP header |
| Geolocation | Country, region, city, coordinates, timezone |
| Browser | Name and version |
| OS & Platform | Operating system and platform identifier |
| Device Type | Mobile / Tablet / Desktop / Bot |
| HTTP Headers | Accept, Accept-Language, DNT, Sec-CH-UA, etc. |
| Cloudflare Headers | CF-Ray, CF-IPCountry, CF-Visitor |
| Referer & Origin | Where the request originated from |
| Language & Timezone | Extracted from request headers |
This project is fully compatible with Cloudflare as a reverse proxy. When traffic is routed through Cloudflare:
- The real client IP is extracted from the
CF-Connecting-IPheader (instead of the proxy IP) - Cloudflare-specific headers (
CF-Ray,CF-IPCountry,CF-Visitor) are forwarded by Nginx and stored in every log entry - Express is configured with
trust proxy: trueto correctly handle forwarded headers
The logger also works without Cloudflare — it falls back to standard X-Real-IP and X-Forwarded-For headers automatically.
# From the iplogger directory:
docker compose up -d --build
# Logger (Redirect endpoint): http://localhost:8080/
# Dashboard UI: http://localhost:8081/Edit the TARGET_URL environment variable in docker-compose.yml:
environment:
- TARGET_URL=https://your-target-url.com| Endpoint | Method | Description |
|---|---|---|
/ |
GET |
Logs visitor data and redirects to TARGET_URL |
/api/logs |
GET |
Returns all captured log entries as JSON |
/api/stats |
GET |
Returns aggregated statistics |
/api/logs |
DELETE |
Permanently deletes all log entries |
Via Dashboard: Click the 🗑️ Delete All button in the UI.
Via Docker: Remove the named volume directly:
docker volume rm iplogger_iplogger_dataThis project is intended strictly for educational purposes — to demonstrate how HTTP metadata, browser fingerprinting, and geolocation data are collected from web requests.
Do not deploy this tool to log visitors without their explicit, informed consent. Depending on your jurisdiction, collecting personal data (including IP addresses) without consent may violate privacy laws such as the GDPR (EU), nFADP (Switzerland), CCPA (California), or others.
The author assumes no liability for misuse of this software.