Real_ip_header not always working / Cloudflare IP Ranges not complete

Hello,

I’ve configured my nginx to restore the original IP of my visitors. However, I’ve encountered an issue where it shows me as logged in with an IP that I’m not using. Upon investigating, I discovered that it’s one of Cloudflare’s IPs, specifically ‘172.70.46.116’. Further examination revealed more Cloudflare IPs in my logs, accounting for approximately half of the logged IPs.

Surprisingly, Cloudflare doesn’t list these IPs on their IP range page.

Could you shed some light on what might be happening here?

Thank you.

That IP actually falls within this range:

As you can see, it is on this site:

Appreciate the swift response. About half of the logged IPs don’t match mine, and all the incorrectly logged IPs are from this range like you said: 172.64.0.0/13
Is there something I might be overlooking?

This is my nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile off;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	client_max_body_size 100m;
	client_body_timeout 120s;
	server_tokens off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
	ssl_ecdh_curve secp384r1;
	ssl_session_timeout  10m;
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header Content-Security-Policy "frame-ancestors 'self'";
	add_header X-Frame-Options DENY;
	add_header Referrer-Policy same-origin;
	add_header X-Robots-Tag none;

	##
	# Cloudflare Settings
	##

	ssl_client_certificate /etc/ssl/nginx/cloudflare.pem;
	ssl_verify_client on;

	real_ip_header CF-Connecting-IP;
	set_real_ip_from 173.245.48.0/20;
	set_real_ip_from 103.21.244.0/22;
	set_real_ip_from 103.22.200.0/22;
	set_real_ip_from 103.31.4.0/22;
	set_real_ip_from 141.101.64.0/18;
	set_real_ip_from 108.162.192.0/18;
	set_real_ip_from 190.93.240.0/20;
	set_real_ip_from 188.114.96.0/20;
	set_real_ip_from 197.234.240.0/22;
	set_real_ip_from 198.41.128.0/17;
	set_real_ip_from 162.158.0.0/15;
	set_real_ip_from 104.16.0.0/13;
	set_real_ip_from 104.24.0.0/14;
	set_real_ip_from 172.64.0.0/13;
	set_real_ip_from 131.0.72.0/22;
	set_real_ip_from 2400:cb00::/32;
	set_real_ip_from 2606:4700::/32;
	set_real_ip_from 2803:f800::/32;
	set_real_ip_from 2405:b500::/32;
	set_real_ip_from 2405:8100::/32;
	set_real_ip_from 2a06:98c0::/29;
	set_real_ip_from 2c0f:f248::/32;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip off;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

Are you using Cloudflare healthcheck, a Cloudflare worker or other tool that’s making requests that don’t come from external users?

Thanks, I’ve identified the issue. It turns out that the actions logged were the ones not captured by the panel but by the daemon. The daemon wasn’t configured to look up the real IPs yet.
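
An added example, not part of the original thread: a small Python audit that reads the `set_real_ip_from` ranges from an nginx config and reports which component logged an address inside one of them, meaning it recorded the proxy edge instead of the visitor. The config excerpt, the log entries and the component names `panel` and `daemon` are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt in the style of the nginx.conf posted above.
NGINX_CONF = """
real_ip_header CF-Connecting-IP;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 2606:4700::/32;
"""

# Constructed log entries: (component, logged client address); 198.51.100.x is a documentation range.
LOG_ENTRIES = [
    ("panel", "198.51.100.23"),
    ("daemon", "172.70.46.116"),
    ("daemon", "162.158.90.7"),
    ("daemon", "2606:4700:10::1"),
    ("daemon", "not-an-ip"),
]

def trusted_proxies(conf_text):
    """Return the networks named in set_real_ip_from directives."""
    nets = []
    for m in re.finditer(r"^\s*set_real_ip_from\s+([^\s;]+)\s*;", conf_text, re.M):
        try:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
        except ValueError:
            continue  # e.g. "unix:" or a hostname, which is not a CIDR range
    return nets

def matching_range(addr, nets):
    """Return the trusted range that contains addr, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # unparsable log field
    for net in nets:
        if ip.version == net.version and ip in net:
            return net
    return None

def unrestored(entries, nets):
    """Entries whose logged address is a proxy edge, i.e. the real IP was not restored."""
    found = ((c, a, matching_range(a, nets)) for c, a in entries)
    return [(c, a, str(n)) for c, a, n in found if n is not None]

if __name__ == "__main__":
    for component, addr, net in unrestored(LOG_ENTRIES, trusted_proxies(NGINX_CONF)):
        print(f"{component}: {addr} is inside {net}")
```

Grouping the hits by component shows at a glance which service still needs its own real-IP handling, since `real_ip_header` only affects what nginx itself logs and passes on.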
