Bug with WAF Logs; Same IP address shown for different ASNs

There seems to be a bug as IP 2a06:98c0:3600::103 is tested to be originating from AS132892 Cloudflare, Inc., several queries are using that same IP address, but accessed by different ASNs and user agents.

1 Like

Even a Googlebot accessing from AS15169 Google is having that bugged IP address and challenged.

1 Like

Not a bug - this is the Worker’s cross-zone IP.

If a Worker makes a request to your site and it isn’t in the same zone (aka not yours), it will use this IP so that requests made on the behalf of a user which they might not be aware of are not attributed to them.


But, taking for instance UptimeRobot requests there - especially it being a legitimate request sent by me, but it has a CF Worker IP address instead?

The ASN used by UptimeRobot and the accessing path are correct, but the IP address is a CF Worker…?

I don’t quite get the logic as to how the IP address can be ‘de-sync’ against the ASN.

Like I said. The IP is substituted, the ASN is not.

It doesn’t matter who sent the request - if it goes through a Worker from another zone then the IP would be substituted.

1 Like


I also have a problem similar to you, I can no longer retrieve the IP address of visitors with PHP…

I don’t use Cloudflare workers, but I have several domains that are different websites and are attached to the same Cloudflare account.

I only have one website that has this problem, all the others have no problem retrieving the IP address with PHP.


Tested by intentionally challenging 2a06:98c0:3600::103 via WAF Tools and I am shown the challenge on even on my end.

I’m definitely not using Workers and it doesn’t make any sense that this “isn’t a bug”.

I’m even getting duplicate queries logged from an legitimate bot and through that bugged Worker IP.

Moreover, Google Search Console is not even able to access several pages on my site, stating a Soft 404.

1 Like

Issue caused by Zaraz, disabling it works around this issue.

1 Like

Discussion here: