Cloudflare's 'HTTP_CF_CONNECTING_IP' header

So the problem appears to boil down to the fact that Cloudflare’s ‘HTTP_CF_CONNECTING_IP’ header sometimes contains an IPv4 address and sometimes contains an IPv6 address, even though the requests are originating from the exact same machine on the exact same network.

For example, here is what Postman shows as a response header for a certain GET request (identical for POST requests as well):
[HTTP_CF_CONNECTING_IP] => 24.4.153.99

This is in fact my network’s IPv4 address.

However, if I read the same header using PHP (viz. $_SERVER[‘HTTP_CF_CONNECTING_IP’], I get an IPv6 address as follows:
[HTTP_CF_CONNECTING_IP] => 2601:647:cc00:975b:65c5:f8b0:7458:d4c5

This is in fact my network’s IPv6 address.

But the application needs this header to be consistent, whether the requesting network uses IPv4 or IPv6 or both.

Perhaps Cloudflare can explain to us what we need to do to make sure this header, that they originate, always reflects the same IP address version for a given network?

We could possibly disable the IPv6 support and gateway in CloudFlare. But, I would not recommend this, as we may find a growing number of people unable to connect to the site.

Would love some information from Cloudflare to get an explanation as to why the header (HTTP_CF_CONNECTING_IP) sometimes returns a v4 address and sometimes a v6 address. Is this simply a problem with Postman or are we going to see it with other devices as well?

I.e. https://support.cloudflare.com/hc/en-us/articles/202494830-Pseudo-IPv4-Supporting-IPv6-addresses-in-legacy-IPv4-applications

This would suggest your network requests use IPv4 and IPv6 alternately.

Cloudflare put into this header whatever the connecting client IP is, so they really have little control over what the user-agent decides to do.

It might be worthwhile investigating if you can adjust the Happy Eyeballs timers to get more uniform transport protocol use.

Also check if your network has ‘good’ IPv6 connectivity, or are you getting sub-optimal routing compared to IPv4.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.