CF-Connecting-IP and X-Forwarded-For headers are Cloudflare IPs
I have a custom nginx access log format for a site that logs $http_cf_connecting_ip. When I make a request to this site, the IP logged is 254.253.225.218, a so-called bogon IP address. When I look at the X-Forwarded-For header of the same requests, I can see 254.253.225.218, 172.71.190.95. 172.71.190.95 is a Cloudflare IP from AS13335.
The rest of the Cloudflare headers such as Cf-Postal-Code, Cf-Ipcountry, etc. appear to be as correct as they can be.
Does anybody know why Cf-Connecting-Ip is totally wrong?
5 Replies
it appears possibly related to the network setting 'pseudo-ipv4' being set to 'overwrite headers'
this setting seems to generate a fake unique ip address for visitors using ipv6
after changing that setting to 'add header' fail2ban is correctly setting the banned ips
brilliant
i really recommend adding a note about this to cloudflare's restoring original ip documentation at https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/
Restoring original visitor IPs · Cloudflare Support docs
When your website traffic is routed through the Cloudflare network , we act as a reverse proxy. This allows Cloudflare to speed up page load time by …
i spent hours trying to understand what was broken, and read these docs multiple times
Thanks for the feedback!
(and sorry about it not being clear in the first place)
Should be fixing this in https://github.com/cloudflare/cloudflare-docs/pull/11690
i have a feeling there are a few unsolved mysteries out there that might benefit from that
love seeing (what i think are) good documentation changes ^^