(Get a Free Cloudflare T-Shirt) Question of the Week- Do you restore original IPs for visitors to your site?

Do you restore original IPs for visitors to your site?

Make a video showing how you made that selection and describe how it helps you analyze traffic on your site. Post the video on any social media platform tag us, and drop the link here. The first 5 people to do this will receive a free Cloudflare t-shirt!

  • No, I thought every visitor was from Cloudflare
  • Yes, I use mod_remoteip
  • Yes, I use mod_cloudflare
  • Yes, we configured our webserver to do that
  • Other

0 voters

Get a free Cloudflare shirt, by answering the above question!
Photo to use

"Most" Questions of the Week

Show Us Why
Answer Questions of the Week with a link to a simple video, it can be a screen recording highlighting the feature, a tutorial of a function you find most useful, or even a video of yourself. Once you submit your video, tell us about it on the question to receive a custom community Cloudflare badge.

About Question of The Week
Weeks may come and go, but we never get tired of finding out how you answer the Question of the Week. See questions from previous weeks, tell us what you think, and share your video to earn your own Content Creator badge!

Cloudflare Content Creators Badge:
ccbadge

View Content Creator Badge Winners

1 Like

A quick demo to get the real ip address in php

2 Likes

I don’t bother to know the visitor IP.
Google Analytics would tell me where they are from.

Restoring Visitor IP addresses really doesn’t help with analytics. It’s more useful for website firewall and security features, logging user events, and at times may be necessary to maintain a consistent user experience.

4 Likes

I actually have IIS Advanced Logging set to a custom record format ( Advanced Logging for IIS - Custom Logging | Microsoft Docs) which includes the X-Forward address. This log is ingested by Datadog (datadoghq.com) and I use the log for lots of things - even alarms in case of visits from specific countries going over a threshold or going over the expected median for the time of the day.

My application also uses the x-forward address for lots of things - so a bit more than firewall and security.

1 Like

I’ve done the same thing with…darned if I can remember…some famous old analytics software that combed through my server logs. But, really, who of us goes through all that effort these days? Put your hand down, @freitasm. :crazy_face:

Update: AWStats! That was going to bug me all night if I didn’t ask the duck.

3 Likes

If Datadog gives me an alert in ten minutes of excess traffic from some countries then admins are more likely to stop a DDoS or some runaway bot. Not cheap though.

2 Likes

The red lines show when alerts were raised based on that rule:

3 Likes

We have firewalls and reverse proxies/load balancers in front of 98% of our origin servers. These are looking at True-Client-IP and/or X-Forwarded-For headers to log the original client IP.

1 Like