Is the CF-Connection-IP the real visitor IP?

Is the CF-Connection-IP the real visitor IP? Because probably isn’t, its filtered and Cloudflare set the Edge server Ip or something like that;

In the case how I can get the real ip, because in this way, its a BIG issue and to be sincere with our/your traffic have the IP filtered and replaced with someone “general” isn’t too good.

Some sister need to have the true ip to setup some behavior of some users too.

P.S. im using the Cloudflare Worker that its great but now I have this doubt.

Yes, CF-Connecting-IP is the true visitor address (unless they are using a VPN or anonymising proxy of course), just one case to be aware of…

CF-Connecting-IP can be used to restore original visitor IPs…

1 Like

I saw this Restoring original visitor IPs · Cloudflare Support docs

but im not using apache, im using Cloudflare Worker so for me is pretty useless; Im checking all through the worker, obviously I can’t trust at 100% because im limited to my machines.

So now im passing to the response headers (Using transform rules) edge server ip and the “ip.src” field, are different; ip.src is the same of my router ip.

There is another problem, that switch between ipv4 and ipv6, so this mean that if you are building a filtering system you will have the same visitor twice.

So now I dont know if cf-connection-ip is the real ip and the same user come two time with two different ips

I use a worker to pick up CF-Connecting-IP. It works as expected. As I noted, subrequests can return a dummy value for security but other than this it is correct.

1 Like

What kind of dummy value do you get with sub requests? Actually I dont know if im using sub requests, probably yes, but I have to read when kick in

In the link I originally posted…

“In cross-zone subrequests from one Cloudflare customer zone to another Cloudflare customer zone, the CF-Connecting-IP value will be set to the Worker client IP address 2a06:98c0:3600::103 for security reasons.”

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.