Real client IP
Hi everyone,
I'm running an application hosted on Kubernetes, and I'm facing an issue where I need to obtain the real IP addresses of clients accessing my app. Currently, Cloudflare is sitting in front of my application, and it seems like I only receive the IP addresses of Cloudflare nodes.
Is there a way to get the real IP addresses of clients through Cloudflare? Any specific headers or configurations I should be aware of?
Thanks in advance for your help!
2 Replies
The
CF-Connecting-IP is probably what you are looking for. https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#cf-connecting-ipCloudflare Docs
Cloudflare HTTP request headers · Cloudflare Fundamentals docs
Cloudflare passes all HTTP request headers to your origin web server and adds additional headers as specified below.
Thank you so much @Cyb3r-Jok3 for your guidance! Your suggestions led me to the documentation on Cloudflare's HTTP request headers (https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#cf-connecting-ip) and a solution on Stack Overflow (https://stackoverflow.com/questions/76837736/configuring-kubernetes-ingress-nginx-to-preserve-client-ip-address-from-cloudfla/76847942#76847942). By adding these three annotations to the configmap of the ingress nginx installed with Helm:
enable-real-ip: "true"
compute-full-forwarded-for: "true"
use-forwarded-headers: "true"
I am now able to see the real client IPs in the logs. Additionally, in the backend, or through a middleware application, I can read the real IPs using the forwarded headers.
Thanks again for your help!
Stack Overflow
Configuring Kubernetes Ingress Nginx to Preserve Client IP Address ...
Regarding my Kubernetes setup, I am using the Nginx Ingress controller. To handle incoming requests, I utilize a Cloudflare worker to interact with my Kubernetes cluster. The worker sends a request...
Cloudflare Docs
Cloudflare HTTP request headers · Cloudflare Fundamentals docs
Cloudflare passes all HTTP request headers to your origin web server and adds additional headers as specified below.