Visitor's IP is

I discovered that in the apache log files the visitor is always logged as if they visit the site over the configured hidden service . This can be problematic since fail2ban is intended be used for some services. Is this the intended behavior or should the remote address be forwarded somehow? The torrc file:

SocksPort [::]:9050
ControlPort 9051
ORPort 9001
ORPort [::]:9001
BridgeRelay 1
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto
ExitPolicy reject *:*
ExitPolicy reject6 *:*
AutomapHostsOnResolve 1
TransPort [::1]:9040
DNSPort [::1]:9053
HiddenServiceDir /var/lib/tor-instances/plinth/hidden_service
HiddenServicePort 22
HiddenServicePort 80
HiddenServicePort 443

An example line of log from Roundcube:

[30-May-2022 21:53:25 +0000]: <n37rhbnr> IMAP Error: Login failed for admin against localhost from AUTHENTICATE PLAIN: Authentication failed. in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /roundcube/?_task=login&_action=login

The whole point of the Tor network is to hide the IP addresses of users (clients) and servers (onion services).

Your server doesn’t know who is connecting to it. And the client also doesn’t know where he is connecting to. That is how it’s supposed to be and the reason why people use the Tor network.