So the problem appears to boil down to the fact that Cloudflare’s ‘HTTP_CF_CONNECTING_IP’ header sometimes contains an IPv4 address and sometimes contains an IPv6 address, even though the requests are originating from the exact same machine on the exact same network.
For example, here is what Postman shows as a response header for a certain GET request (identical for POST requests as well):
[HTTP_CF_CONNECTING_IP] => 220.127.116.11
This is in fact my network’s IPv4 address.
However, if I read the same header using PHP (viz. $_SERVER[‘HTTP_CF_CONNECTING_IP’], I get an IPv6 address as follows:
[HTTP_CF_CONNECTING_IP] => 2601:647:cc00:975b:65c5:f8b0:7458:d4c5
This is in fact my network’s IPv6 address.
But the application needs this header to be consistent, whether the requesting network uses IPv4 or IPv6 or both.
Perhaps Cloudflare can explain to us what we need to do to make sure this header, that they originate, always reflects the same IP address version for a given network?
We could possibly disable the IPv6 support and gateway in Cloudflare. But, I would not recommend this, as we may find a growing number of people unable to connect to the site.
Would love some information from Cloudflare to get an explanation as to why the header (HTTP_CF_CONNECTING_IP) sometimes returns a v4 address and sometimes a v6 address. Is this simply a problem with Postman or are we going to see it with other devices as well?