Hi team,
one of my domain is has CNAME pointing to AWS API Gateway and proxy enabled. When I am trying to allow only specific client by using there IP in AWS Resource policy we are getting Cloudfront IP in AWS API gateway Logs.
Can you please let me know how can forward the client IP to AWS API Gateway not Cloudflare IP ?
Greetings,
Thank you for asking.
I believe you would have to look into the below article to find out more information how to configure your AWS to restore the real visitor IP address, either using the CF-Connecting-IP HTTP header:
Cloudflare HTTP headers listed here:
Furthermore, might want to double-check if Cloudflare IPs are allowed at the AWS, as there could be some firewall too? 
Nevertheless, Cloudflare IPs can be found at the link below:
Hi fritex,
thanks for your response .
there is no document to allow or grep the CF-Connecting-IP in AWS policy, the document you have shared is basically for HA-Proxy or self hosted servers where we are running nginx or httpd or tomcat as a web server. AWS API Gateway is not similar to it.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.