How to get visitor IP address over CloudFlare


#1

Hello,

All my visitors, users IP come from Cloudflare for the past month or two I don’t know what I did wrong anymore.
I need help to restore the original IP address

The plugin cloudflare wordpress is installed correctly
The site is in https

I tried the solutions at my disposal on the support but I can’t put them into practice.

Please help !


#2

The best way to do it is to have mod_cloudflare installed on the server:

Their Wordpress plugin supposedly helps a bit, but I don’t see any documented proof of this functionality.

All HTTP connections to Cloudflare return the visitor IP address in the headers:
X-Forwarded-For header
CF-Connecting-IP header

I use Wordfence, and it knows to pull the original IP address from the headers.


#3

Thank you for answering.

I have already installed this plugin and indeed the IP address corresponds to the IP address of the visitors.


Use the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may result.
This option is the only one that shows the CloudFlare IP all others are mine.

However, for wp statistics plugin or woocommerce the IP addresses come from cloudflare

How to resolve that issue and make all others plugin react like wordfence ?

Also cannot install mod cloudflare from my hosting package, i have access to SSH but no API HOSTING KEY


#4

There’s a bunch of things that may help you.

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

On the other hand, there’s an option to get the visitor IPs via HTTP header from CloudFlare but you would need to upgrade to enterprise.

Network -> True-Client-IP Header


#5

There is a solution but I can’t find one that is best suited to this issue in the list

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

I’m sure if I find the code to put in the wp config php header same as wordfence :

-REMOTE ADDR
-X REAL IP
-CF CONNECTING IP

this issue would be resolved

If I add this code in the wp config php header, the Cloudflare IP addresses will appear in the real LIVE traffic no matter what option is chosen. Do you understand what I’m saying?

if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
	$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );

	$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}

Here is my configuration, is there please an alternative solution?


#6

This topic was automatically closed after 14 days. New replies are no longer allowed.