Can CF-Connecting-IP be faked?
Hey everyone, I want to know: can CF-Connecting-IP be faked like "X-Forwarded-For"? In other words, how does Cloudflare know the customer's IP, and on which layer does it rely?
15 Replies
The header is the IP that connected to Cloudflare's edge. It can't be faked because it will always be overridden, and it isn't possible to edit it through any Cloudflare process.
But also just because a request has the connecting IP header doesn’t mean it came from Cloudflare. People can spoof the header.
Whitelisting Cloudflare IPs only should solve this problem.
Yes it would
I get that, but on which TCP/IP layer does it figure out a customer's IP? (I hope not the application layer, right?)
Yeah yeah, but I just want to make sure that it does not rely on the headers to figure out my IP
like
X-Forwarded-For
or any other param
When the packet arrives, how does it figure out my IP? Is this a better question?
Like, how does it know this is Pato's IP? On what basis does it rely?
located in? the internet layer?
yeah I know that, exactly
That's why I'm hoping it does not rely on the application layer.
The only place where an IP is guaranteed is the internet layer.
so? the internet layer, right?
Yes
any document?
On what? The TCP/IP model?
cloudflare grabbing user IP from the internet layer
Because there’s no other place to grab it?
You're right, it is Cloudflare after all; I would've liked a reassurance.
@Helpflare what do you think?
I mean where else do you think they could grab the IP from?
Helpflare is a bot lol
Pato, you may want to look into Wireshark to better understand what IPs are transiting your network. It sounds like Chaika and Cyber are both giving you a clear answer, but the understanding needs to be expanded around how de/encapsulation works for packets/frames as they move up and down the OSI model "stack".
X-Forwarded-For (and similar headers) are in a higher layer of the stack; IPs are lower. So figure out which portion of your question you're trying to elaborate on, which will help folks answer the question more correctly.
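The thread's practical conclusion, as an added Python example that is not code from the thread, from Cloudflare, or from any of the participants: an origin server should trust CF-Connecting-IP only when the TCP peer address (internet layer, reported by the socket) belongs to a Cloudflare edge range; on a direct connection every request header, CF-Connecting-IP and X-Forwarded-For alike, is attacker-controlled. The function names, the `strict` option and the sample requests are constructed for this example; the IP ranges are a hand-copied subset of Cloudflare's published list, and a real deployment must load the current list from https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 (or block non-Cloudflare peers at the firewall and not rely on this check alone).

```python
import ipaddress
from typing import Iterable, Mapping, Tuple

# Hand-copied subset of Cloudflare's published edge ranges, for illustration only.
# Fetch the authoritative, current list from https://www.cloudflare.com/ips-v4 and
# https://www.cloudflare.com/ips-v6 in a real deployment; this list may be stale.
CLOUDFLARE_RANGES = [
    ipaddress.ip_network(n)
    for n in (
        "173.245.48.0/20",
        "103.21.244.0/22",
        "104.16.0.0/13",
        "172.64.0.0/13",
        "2400:cb00::/32",
    )
]


def is_cloudflare_peer(peer_ip: str, ranges: Iterable = CLOUDFLARE_RANGES) -> bool:
    """True if the TCP peer address falls inside one of the Cloudflare ranges.

    ipaddress networks only match addresses of their own IP version, so a mixed
    v4/v6 list is safe to scan in one pass.
    """
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in ranges)


def resolve_client_ip(
    peer_ip: str,
    headers: Mapping[str, str],
    ranges: Iterable = CLOUDFLARE_RANGES,
    strict: bool = False,
) -> Tuple[str, str]:
    """Decide which address to log / rate-limit / authorize on.

    peer_ip:  the address the origin's socket reports (internet layer; cannot be
              forged by an HTTP client, because the TCP handshake completed with it).
    headers:  the HTTP request headers (application layer; anything in here is
              attacker-controlled unless the peer is a Cloudflare edge).
    strict:   if True, refuse requests that did not arrive via Cloudflare instead
              of silently falling back to the peer address (constructed option).

    Returns (client_ip, reason). Note that X-Forwarded-For is deliberately never
    consulted: Cloudflare appends to an existing X-Forwarded-For rather than
    replacing it, so a client can seed it with arbitrary values.
    """
    cf_header = next(
        (v for k, v in headers.items() if k.lower() == "cf-connecting-ip"), None
    )

    if not is_cloudflare_peer(peer_ip, ranges):
        if strict:
            raise PermissionError(f"direct connection from {peer_ip} bypassing Cloudflare")
        if cf_header is not None:
            return peer_ip, "direct connection with spoofed CF-Connecting-IP; header ignored"
        return peer_ip, "direct connection; used TCP peer address"

    if cf_header is None:
        # Cloudflare always sets the header, so its absence means something is off;
        # the peer address is still the safe value to fall back on.
        return peer_ip, "Cloudflare peer without CF-Connecting-IP; used peer address"

    try:
        ipaddress.ip_address(cf_header)
    except ValueError:
        return peer_ip, "malformed CF-Connecting-IP; used peer address"

    return cf_header, "trusted CF-Connecting-IP from Cloudflare edge"


# Constructed sample requests (documentation ranges 192.0.2.0/24, 198.51.100.0/24,
# 203.0.113.0/24 and 2001:db8::/32 stand in for real visitor and attacker addresses).
SAMPLE_REQUESTS = [
    ("172.64.1.1", {"CF-Connecting-IP": "203.0.113.7"}),   # via Cloudflare: trust header
    ("198.51.100.9", {"CF-Connecting-IP": "203.0.113.7"}),  # direct, spoofed header: ignore it
    ("198.51.100.9", {"X-Forwarded-For": "192.0.2.1"}),     # direct, XFF only: ignore it
    ("2400:cb00::1", {"cf-connecting-ip": "2001:db8::5"}),  # IPv6 edge, lowercase header name
    ("172.64.1.1", {"CF-Connecting-IP": "not-an-ip"}),      # edge sent garbage: fall back
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLE_REQUESTS:
        ip, why = resolve_client_ip(peer, hdrs)
        print(f"peer={peer:<14} -> client={ip:<14} ({why})")
```

The check keys entirely on the peer address, which is the only value the thread identifies as guaranteed; the header is a convenience that is safe to read only once that check has passed. With `strict=True` the origin refuses direct connections outright, which is the behaviour you want when the firewall allowlist is the primary control and this code is a second line of defence.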