Problem with IP addresses

My web application running on origin server is using IPLocations to filter out access IP baes on location. My web application only accept IPs from US and Canada only.

Now using CF, my web application is kicking everyone out even the IP is from US. How do I resolve this?

Hard to tell why it is happening without logs. However, if you are using Cloudflare for your domain, it might be worth having Cloudflare doing all the IP checking to save on CPU and bandwidth to your server.

Cloudflare’s edge will contact your origin based on the closest datacenter to the user. It would be helpful to know which edge server you’re reaching when you try to access your site.

You can find that information by going to: https://yourdomain.com/cdn-cgi/trace

You’ll receive output like this:

fl=15f390
h=yourdomain.com
ip=ip.add.r.ess
ts=1665615018.017
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
colo=DFW
sliver=none
http=http/2
loc=US
tls=TLSv1.3
sni=plaintext
warp=on
gateway=on
kex=X25519

“Colo” will be the name of the datacenter your request was served from. See Cloudflare System Status for list of all the codes used and their locations.

Depending on how your origin is configured to block these IPs, our server might be contacting your origin from an IP outside of your allowed region.

Additionally, your origin may be incorrectly configured to block IPs or are using stale/inaccurate GeoIP location data to feed your firewall’s detection system.

If you would like to block access to your site from certain locations, I would recommend creating a page rule that does this. This way you can block the request at the edge of Cloudflare’s network instead of at your origin which might cause unintended behavior.

2 Likes

So for my testing purpose, I am in Dallas, Texas, I am using my mobile phone with AT&T (No Wifi) to connect to my web application page. It kicked me out.
At the same location, I open Chrome browser on Desktop (Connected to LAN) then I am able to go to my web application page.

That is so strange.

They way I use IP2Locations (https://www.ip2location.com/) in my web app is this:
If Country = US or CA then go to Good, can browse the site.
Else Go to a page “You are not welcome here”

So here is the data from trace for Desktop version:

fl=558f26
h=mysite.net
ip=72.48.252.185
ts=1665676434.512
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
colo=DFW
sliver=none
http=http/2
loc=US
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
kex=X25519

and this is the data from trace for Mobile phone

fl=557f35
h=mysite.net
ip=2600:387:1:809::c2
ts=1665676498.462
visit_scheme=https
uag=Mozilla/5.0 (Linux; Android 9; SM-G955U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36
colo=DFW
sliver=none
http=http/2
loc=US
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
kex=X25519

So I notice the IP on desktop is IP4 and IP on Mobile is IP6

I am at lost here. What to do?
Thanks for your help

To troubleshoot further, you’ll need to know which IP address your origin is seeing when you browse the website and are redirected to your block page.

Per the CDN trace you can see you’re reaching a US datacenter in Dallas. If you want to check your origin server logs for these requests, that should tell you what the server is seeing. You can then cross-reference that with your IP2Location config to determine why your redirect happened.

Cloudflare doesn’t play a role in how your origin handles requests so this might be something worth reaching out to your server administrator or hosting provider for.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.