Cloudflare not forwarding IPs correctly

One of my sites (running WordPress) for some reason doesn’t seem to be forwarded the correct IPs. Cloudflare is forwarding private IP addresses for some reason. My website is hosted on DigitalOcean. All other websites I have hosted work perfectly fine, Cloudflare forwards the IPs correctly, but this one is giving me a lot of trouble.

I am using NGINX, and I have this included in my NGINX config:

```nginx
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;
real_ip_recursive on;
```

When I remove this, it shows Cloudflare IPs as expected. I have tested this with a simple PHP script on the same website that displays the headers, and it’s showing “Cf-Connecting-Ip: ”.

I even looked at the /cdn-cgi/trace endpoint, and it’s displaying my correct IP address.

Is there anything else I can check for what I am doing wrong? This is driving me insane.

Hello hyper

The configuration snippets you posted seem correct and should forward the real client IP to your server. There are two possible issues that could cause this problem:

  1. Incorrect configuration: Check if the configuration you posted is included in the specific server block which handles the concerned site. Also, verify that there are no other set_real_ip_from or real_ip_header configuration lines in your whole nginx configuration, as they could override the ones you posted.
  2. Network issues: It could be possible that there is an upstream proxy or load balancer which is changing the “CF-Connecting-Ip” header before it reaches your server.

Consider checking for these potential issues. If these steps do not resolve your issue, please contact your hosting provider to clarify if they have any policies or security measures that could intercept or change HTTP headers.

Regards,
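
The two checks suggested in the answer above, as an added example that is not part of the original thread: it scans the text of an `nginx -T` dump for every realip directive and the file that sets it, reports competing `real_ip_header` values, and goes one step further by testing whether a given connecting address falls inside the `set_real_ip_from` ranges, since nginx only applies the header when the peer matches one of them. The function names, file paths and sample dump are constructed for illustration, and only CIDR or plain-address values of `set_real_ip_from` are handled.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `nginx -T` output (file names and values are made up).
SAMPLE_DUMP = """\
# configuration file /etc/nginx/nginx.conf:
http {
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/conf.d/cloudflare.conf:
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 2400:cb00::/32;
real_ip_header CF-Connecting-IP;
real_ip_recursive on;
# configuration file /etc/nginx/sites-enabled/example.conf:
server {
    listen 80;
    real_ip_header X-Forwarded-For;  # overrides the http-level header for this site
}
"""

FILE_RE = re.compile(r"^# configuration file (.+):$")
DIRECTIVE_RE = re.compile(r"^\s*(set_real_ip_from|real_ip_header|real_ip_recursive)\s+([^;]+);")

def find_realip_directives(dump):
    """Return {directive: [(file, value), ...]} for every realip directive in the dump."""
    found, current = defaultdict(list), None
    for line in dump.splitlines():
        m = FILE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = DIRECTIVE_RE.match(line)  # commented-out directives do not match
        if m:
            found[m.group(1)].append((current, m.group(2).strip()))
    return dict(found)

def conflicting_headers(found):
    """Distinct real_ip_header values; more than one means a block overrides another."""
    return sorted({v.lower() for _, v in found.get("real_ip_header", [])})

def peer_is_trusted(found, peer):
    """True if the connecting peer falls inside any set_real_ip_from range."""
    addr = ipaddress.ip_address(peer)
    nets = [ipaddress.ip_network(v) for _, v in found.get("set_real_ip_from", [])]
    return any(addr.version == n.version and addr in n for n in nets)
```

On a real server, pass the captured output of `nginx -T` to `find_realip_directives` and call `peer_is_trusted` with the address nginx logs when the realip lines are removed.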