Cloudflare IP in Apache logs but not in Cloudflare IP list

We have Apache setup to restore the real IPs using the article here:

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

This has been working fine, and we rely on the list of Cloudflare IPs here:

We’re seeing a few Cloudflare IPs show up in our Apache logs because they are not in the Cloudflare IP list, so the module does not read from “CF-Connecting-IP”

Here’s one of the IPs in question:

104.28.217.42

The Cloudflare IP ranges are:

  • 104.16.0.0/13
  • 104.24.0.0/14

And the IP above does not fall into the above subnets.

Interestingly, the IP does fall under 104.16.0.0/12 which Cloudflare removed from its list on Apr 8 2021.

Anyone have any idea what this might mean? Is this IP still a Cloudflare IP?

This could be an IP used for Cloudflare Warp.
Those are managed by Cloudflare, but not in the list because traffic is user-controlled and can’t be trusted like traffic from the CDN.

Edit: My current Warp-IP is 104.28.217.174. So your’s is definitely from the Warp address pool.

2 Likes

Like mentioned above - the public IPs list on https://www.cloudflare.com/ips/ is exclusively IPs that will be used for fetching your origin.

Anything else can be a number of other products, including WARP, which do not need to be allowed to talk to your origin directly.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.