I’ve written a script that checks connecting IP and if it doesn’t come from official CF IPs then is blocked. Works fine on about 5 sites. But I got a new site, and a few hours after I installed and tested it, suddenly all legit traffic started to be blocked, including my request from my computer. The logfile analysis shows that HTTP header HTTP_X_REMOTE_IP or HTTP_X_FORWARDED_FOR wasn’t passed. Only headers added by CF that been present are:
So far on other sites, the header HTTP_X_REMOTE_IP has been passed without any issue.
Any thoughts on what could happen? I have to run it again without blocking to see if it’s fixed. But still, if this is not a reliable way to get connecting IP then I can’t avoid checking for bypassing traffic, right? Any suggestions are welcome, thank you!