How to turn off IP proxies for visitors on Flexible SSL


Is it possible to switch off IP addresses from being proxied for visitors of my website when using your Flexible SSL option? Reason being is we have a setting that allows customers to login via the domain name (that has Cloudflare flexible SSL on) however some of them switch on an ‘IP locking’ feature which uses their static IP address to allow access, however now that the IPs are being mixed up due to all visitor IPs being proxied it no longer works (as it looks like they are logging in under different IP addresses).

Is there anything I can do to retain the original IP addresses of certain visitors instead of Cloudflares proxy ones or is that a general setting of the free/flexible SSL that cannot be changed?

I know I can switch the grey cloud on for the A records however that seems to turn the SSL off for it which I don’t want to happen,


Yes. CF passes the header Cf-Connecting-Ip that contains the user’s real IP address, see

You can either “rewrite” ip addresses in your web server (apache/nginx) via or you can instrument your application code to use the Cf-Connecting-Ip header instead of REMOTE_ADDR.

This topic was automatically closed after 30 days. New replies are no longer allowed.