Get original visitor IP for PAST browse/visit events

How can we get the original visitor IP for PAST browse/visit events?

I’ve found multiple resources for retaining visitor IP addresses going forward, and we will indeed be implementing this capability.

However, one of our clients had threatening messages left on their WordPress site (via Gravity Forms form and LiveChat ticket submission), and we’d like to know whether there is any way of getting original/real visitor IP addresses for those form submission events, even though they occurred in the past (and we had not yet implemented any visitor IP retention processes).

Can this be done? How?

If it’s a question of requesting privileged information or the like from Cloudflare, would a police or FBI request help? If so, does anyone have any expediting advice on how to get this to work well and quickly?

Visible at the log files on your origin host / server?

If yes, kindly see below article which includes step-by-step instructions how to achieve it while using proxied (:orange: cloud) Cloudflare for your domain name:

Unfortunately, no. Even on Enterprise plans, there’s no way to retroactively pull traffic logs.

You can certainly try a legal approach, but Cloudflare processes billions of requests every day and doesn’t log all of it. You’d have to have the appropriate agency contact Cloudflare directly.

Keep in mind that the Original Visitor IP restoration feature is actually handled at hosting server by inspecting the request headers. Cloudflare sends this data automatically in every request, and it’s up to your server to process it.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.