Api, CDN, DNS is proxied, opencart

I have an opencart Website 3.0.3.6
Warning: You do not have permission to access the API!
when we open the order info page, the api will login by ajax automatic, and register a session called ‘api_id’.
But when I try to change my order’s status, I’ll get API error because the api_id is not exist!?
I think, Cloudflare is that DNS is proxied by default, so the IP address that OpenCart sees is the Cloudflare proxy server, NOT the user’s IP address.
I looked into using a specific header ‘CF-Originating-IP’ which has the true client (user) IP address but I confused how to set this up correctly
Is there away to setup so a number of chosen ip address can co threw unaltered
And wasn’t sure about how to switch off the CDN or which to switch off.

Just very confused what to do

Correct the proxy will hide the users ip.

You can restore visitro ips at the origin server logs per: Restoring original visitor IPs · Cloudflare Support docs

However, if you are trying to see the originating user Ip in the headers of a request once it reaches the origin you must use true client Ip this requires. enterprise.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.