Get the original client IP (True-Client-IP Header)

Our application needs the original IP as we have several services that can only be accessed by certain IP ranges.

As far as I understand, Cloudflare does only pass on the original client IP with the “Enterprise Plan” (Feature True-Client-IP Header). But our application budget can not afford that plan and i wonder whether other possibilities exist. I don’t need all features from Enterprise, I just need PRO + this IP feature.

Thanks for throughts.

On all plans the CF-Connecting-IP header does the same thing.

Depending on your backend, you might want to restore visitor IPs…

2 Likes

Thanks, but on the same page it says « True-Client-IP (Enterprise plan only) » , I need the IP of the user accessing the web site.

I just logged what I get from cloudflare requests:
cfCountryCode=CH → correct!
cfIP=243.201.173.220 → not correct, this is a Cloudflare IP, not mine!
cfIPv6=2a02:168:4b32:0:2d20:41c6:6064:19da → not correct, this is the IPv6 of a cloudflare server in France
cfIPv4Pseudo=243.201.173.220

So on any non-Enterprise plan, you won’t get the original client ID! This sucks,

As I said (and was in the link), you need to use the CF-Connecting-IP header to get the client IP address. I do so on sites from free to enterprise (as well as restoring visitor IPs) as do most people. It does work.

1 Like

True-Client-IP is a HTTP request header that contains exactly the same value of CF-Connecting-IP but under a different header name. Its mainly only used by customers migrating to Cloudflare from Akamai who are unable to change their backend systems.

More here: Cloudflare HTTP request headers · Cloudflare Fundamentals docs

2 Likes

I read the HTTP header CF-Connecting-IP and I don’t get my IP, i only get the IP from Cloudflare Servers.

What about here? This is a test endpoint I have that returns the HTTP request headers. Do you see your IP in CF-Connecting-IP, X-Real-IP or True-Client-IP?
https://info.cflare.dev/

My IP is 81.6.x.x , what I get from the HTTP header CF-Connecting-IP is 243.201.173.220

Neither of these are Cloudflare IPs, see here:

ok, but it’s not my IP either

Tried it, i don’t see any IPv4 address in the JSON response.

243.201.173.220 is a Class E. Do you have 'Pseudo IPv4` enabled? Understanding and configuring Cloudflare's IPv6 support · Cloudflare Support docs

4 Likes

Yes I have. I guess that this is the problem then. I’ll read more about that setting. Hopefully i can resolve it.

This isn’t a Cloudflare IP… it’s likely yours. If you’re connecting via IPv6, there is no IPv4 address to report. Disable Pseudo IPv4 it’s specifically designed to provide a ‘fake’ IPv4 when a user connects via IPv6 for systems that can’t grok IPv6.

2 Likes

Ok, i disabled Pseudo IPv4 and now i only get the IPv6, and I noticed that this is actually my own IPv6.

So on the bottom line the following can be said:

  • CF-Connecting-IP always contains the real client IP, either v4 or v6

Correct?

1 Like

From the docs…

The original visitor IP address appears in an appended HTTP header called CF-Connecting-IP.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.