Does Cloudflare Tunnels pass the Source IP of the visitor to webpages?

I have a simple Wordpress site set up and I’m using Cloudflare Tunnels to route to the page. This all works fine but I noticed in my logs that I 've seen some strange IP addresses connecting. I went through and check the Cloudflare pages and these aren’t on the list. I thought all connections through the tunnels would appear as a Cloudflare IP. Is that incorrect?

There should be no other access to their server except through the tunnel.

Cloudflare Tunnel works the same way as regular connections. Visitors hit the edge node, and their request is processed there, including the Visitor IP headers. It’s only the connection from the edge to your server that’s different.

Not really. They’ll come from localhost, since that’s where cloudflared is running. If I don’t Restore Visitor IP addresses, my logs will show my local IP address.


Or the IP used to connect to the server hosting the service, if cloudflared is running on another machine, either local or remote.


That’s interesting, and concerning then.

Why is this a concern? If you don’t restore Visitor IP address, you get the wrong IP address in either situation.

Or is it a concern because you can’t account for the strange IP address you’re seeing? If it’s an IPv4 address, you may have Psuedo IPv4 enabled:

1 Like

Because I don’t have restore Visitor IP set and I’m getting IPs that aren’t my local host. Which means I’m curious why I’m seeing those IPs in my logs since all connections should be through the tunnel.

I also don’t think it’s Psuedo IPv4 because I also have IPv6 IPs in the logs as well.

1 Like

Then definitely check your firewall on the server.

1 Like

@daniel92374 Are you using vps server, are you using cloudflare tunnel.

did you do any configuration from here

Did you put this code $_SERVER['HTTPS'] = 'on'; in wp config

Because when using cloudflare tunnel with WordPress I am facing redirect loop on wp admin. So that I know if it’s my problem.

The server is behind the edge router firewall. The only access to it is through Cloudflare Tunnels