Not all people have visible IP's in Cloudflare

I’ve post similar topic about half year ago.

@sdayman gave good fix for this:

if ( isset( $_SERVER[“HTTP_CF_CONNECTING_IP”] ) ) {
$_SERVER[‘REMOTE_ADDR’] = $_SERVER[“HTTP_CF_CONNECTING_IP”];
}

But now few people have not visible their IPs (maybe they’re using tor or mobile phone?).

I see strange numbers like 2a01:116f:405:2100:3061:94f1:ce09:d1ea instead of IP.

Please help!

You shouldnt be using that PHP code but use the proper solution of running mod_remoteip (assuming you are on Apache 2.4).

And that “number” is still an IP address, just an IPv6 one.

1 Like

I’m on shared hosting and can’t change Apache options.

Maybe this IP is from mobile phone.

Can we translate ipv6 to normal ip adress? Or ban ipv6 in Cloudflare?

IPv6 addresses are normal IP addresses. They’re just not IPv4 addresses.

They can’t generally be “translated”.

You can just ban users’ IPv6 addresses.

1 Like

:wave: @matrixpoland,

This is an IP address. It’s an IPv6 address. While it doesn’t look like an IPv4 address it’s no less valid. An IP address correlates a user to an IP address. Because there is a limited IPv4 address space space companies and telcos have resorted to using things like NAT where multiple machines share the same IP address (normally from your home internet all users have the same IP from an external perspective).

Imagine for a moment that you have a rogue user visiting your site from a popular coffee shop in town and he does something that causes his IP address to be blocked by Cloudflare. When you go to the coffee shop suddenly you are blocked as well because the IP address reported is not actually that of the visitor, but that of the coffee shop’s internet connection.

Wouldn’t you rather block the individual user who was acting maliciously? With IPv6 there are many more addresses so NAT is no longer necessary and each device gets it’s own IP address.

Unless you have an application which doesn’t support IPv6, preventing your website from allowing IPv6 native connections has noting but downsides in terms of performance and availability. Can you disable IPv6? Yep, you’ll need to use the API though to make the change.

-OG

I can’t block him because he will create new accoutns. I must block him by IP.

I understand that i can paste 2a01:116f:405:2100:3061:94f1:ce09:d1ea to Cloudflare firewall and choose option equal to ip and it will be working?

Yes, that will work.

1 Like

This is not working. This user is not banned.

This is his IPs:

2a01:116f:405:2100:810e:2f2c:d03:332b

2a01:116f:405:2100:9dcc:baa4:3ea8:e08c

2a01:116f:405:2100:3061:94f1:ce09:d1ea

2a01:116f:405:2100:f984:695b:6e95:d326

Beginning is the same. End is not.

You could try to block 2a01:116f:405:2100::/64, though keep in mind this will block 18 quintillion hosts, so maybe a captcha challenge might be better, unless the user can solve them of course.

This is not good option to block that number of hosts.

We need something to read this IPs like IP vs4.

You cant “read” an IPv6 address like an IPv4 one. That simply does not work.

I am not saying it is a good idea to block that number of addresses, but thats what you asked.

What you could try is play with Cloudflare’s pseudo IPv4 address - Eliminating the last reasons to not enable IPv6 - but I doubt that will get you far either. You are referring to an address space of 14 quintillion addresses here, you wont be able to pack this reasonably into an IPv4 address.

Blocking a single IPv4 address, or an IPv6 /64, often has a similar amount of collateral damage.

In residential situations, the typical assignment sizes are one IPv4 address, and a /64 to /48 IPv6 range (probably usually at the smaller end of that). (When IPv6 is available at all.)

On the other hand, it’s not unusual for a /64 to contain thousands of users.

Your firewall rule syntax is incorrect. You have used an AND operator where you should be using an OR operator. You should either change the firewall rule to use OR (a user doesn’t have multiple IPs simultaneously for a given connection) or use the IP access rules under Firewall | Tools to block each address individually.

The main problem is why i can’t see IP vs4 when i enable cloudflare. If i disable i can receive these IPs.

Ill try other solutions, thanks.

Because there are no IPv4 addresses in these cases. All you can do is disable IPv6 on Cloudflare.

I can’t disable IPv6 on cloudflare free option. I can add headers or overwrite headers for IPvs4. What are differencies?

You can. Just not in the UI. Please use the search here to find out how, that has been discussed more than once.

What?