Cloudflare X_FORWARDED_FOR Header

JLX89

Hello Everyone,
We currently have an app setup using the LAMP app. We are using a combination of services and various rules in Cloudflare to protect this app. Beyond this use-case, I've seen this on other LAMP apps showing the Cloudflare Proxy IP Addresses.

We have the ability to add Cloudflare IP Ranges to a "Trusted Proxy List" and configure the HTTP header to find the authoritative IP address for the request using X_FORWARDED_FOR.

Based on the app logs, it seems that for each request, the LAMP app is showing the Cloudflare Proxy addresses.

Would it be possible to make some changes in the LAMP App to support the use of mod_remoteip if someone is using Cloudflare and needs to relay the address of the visitor?

@nebulon posted a reference to an article in the past, but not sure if thats still valid or now.

Any help with this would be greatly appreciated!

Thank you!

girish

@JLX89 Is the use to access the real client IP in php code ? If so, Cloudflare sets the CF-Connecting-IP header. You can just access that in PHP as $_SERVER["HTTP_CF_CONNECTING_IP"] . If the issue is apache logs, I think just replace X-Forwarded-For with CF-Connecting-IP will do the trick.

    LogFormat "%{CF-Connecting-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    CustomLog "|/bin/cat" proxy
    ErrorLog "|/bin/cat"

See also https://stackoverflow.com/questions/14985518/cloudflare-and-logging-visitor-ip-addresses-via-in-php and https://stackoverflow.com/questions/29558009/logformat-for-cloudflare-in-apache