We have an application in which you log in to see all the services of the company. When I turn on cloudflare proxy for this site, the connection source IP is one of the cloudflare range (https://www.cloudflare.com/es-es/ips/), and change every x seconds.
This causes my firewall/balancer close sessions because not coming from the same IP as the initial connection.
I read about True-Client-IP (https://community.cloudflare.com/t/difference-between-cf-connecting-ip-and-true-client-ip/418616), but it is only available in enterprise plan.
Also i tried the headers funtions X-Forwarded-For or Cf-Connecting-Ip, but my firewall/balancer/IPS dont read the headers, only the source IP.
Because Cloudflare is a reverse proxy. Cloudflare forwards requests from the client to the server. Therefore, the source IP will be that of a Cloudflare server rather than the client.
Connections from Cloudflare to origin servers come from Cloudflare IPs. True-Client-IP is a solution that allows Cloudflare users to see the end user’s IP address, even when the traffic to the origin is sent directly from Cloudflare.