Need CF-Connecting-Port for French law

Hi,

Are we able to collect client connection port in the log ?
I didn’t find anything about that.

French governement just realased a new law asking for “social web” service provider to collect IP address and client port (the port used for out connection).
Why ? Because some internet provider, in lack of IPV4, share the same IP address with several customers. The router NAT function handle that and work with a specified port range.

The law
https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000044231067?isSuggest=true
The line
“1° L’adresse IP attribuée à la source de la connexion et le port associé ;”
translated in english
1° The IP address assigned to the connection source and the associated port;

Cloudflare team can you add this feature ?
Without this feature it is impossible to continue using Cloudflare for a French service.

Remi

You can create a Transform Rule to add a new header based on the client port number observed by the Cloudflare edge:

PS: I’m not really sure whether we can use a header name that starts with “CF”. If “CF-Connecting-Port” doesn’t work, then you may choose another header name such as “X-Client-Port”.

3 Likes

This field doesn’t seem to be included in the Firewall Language docs :confused: Is there a complete list of valid fields somewhere?

You can find it here
https://developers.cloudflare.com/rules/transform/request-header-modification/reference/fields-functions

I test “cf.edge.client_port” and come back.

1 Like

That page and Transform Rule page covers most of them. This one includes client_port - https://developers.cloudflare.com/rules/transform/request-header-modification/reference/fields-functions

1 Like

It’s not under Firewall Language docs. Refer to this:

https://developers.cloudflare.com/rules/transform/request-header-modification/reference/fields-functions

Edit: Wow. Three people reply at the same time :sweat_smile:

1 Like

Oh, alright! Thanks everyone :grin:

1 Like

Thanks @erictung
It works as explained.
I confirm you can’t use CF-Connecting-Port keywork, you get immediate error message when validating configuration screen.
I checked on my web server and get expected header with correct value.

Remi

1 Like

Thanks for the confirmation.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.