Same IP for most visitors (TOR, CloudFlare proxied site)

Hi,

I checked the manual and correctly set up Nginx + Apache to see the actual IP of users.
Some time ago I noticed that the IP of most visitors (90%) is: 2607:5300:60:655d::
When I connect from Tor or any browser, my IP is different.

Is this a Cloudflare WAF or proxy IP? Firewall rules are disabled and I have a free account.
How do I get the actual IP of visitors? Currently I use this method:

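// Use the Cloudflare header when present, otherwise fall back to the socket address
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
  $ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
} else {
  $ip = $_SERVER['REMOTE_ADDR'];
}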

Thank you

This address block appears to belong to OVH, so that should presumably be a French Tor server.

One thing, you really shouldn’t rewrite IP addresses on a PHP level, but do this on your server instead.

I just turned OFF the Onion Route setting in Cloudflare and the IP looks real now. But for another CF domain (also with that setting / firewall and IPv6 set to OFF) the IP changed to 167.114.64.93, and this is also OVH NET.

This is for most (80-90%) of visitors and I cannot understand why Cloudflare sends requests with this IP.
If I try the Chrome browser, I see my real IP address.

Please help figure this out, CF Support cannot help me.

Cloudflare only includes the IP address of where the request originated. In the context of Tor that naturally is a shared address.

One other thing that could be - which is a direct consequence of you manually rewriting IP addresses instead of using mod_remoteip - is that someone could possibly connect directly to your machine and insert that header with a static value.

As you are not doing any additional sanity checks (as mod_remoteip would perform), and probably (assumption here) have not locked down your server to Cloudflare-only, that would allow third parties to essentially forge the IP address.
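An added example, not part of the original thread: one way to do in PHP the kind of sanity check the reply above attributes to mod_remoteip, accepting the CF-Connecting-IP header only when the connecting peer is a trusted proxy. The names `TRUSTED_PROXIES`, `ip_in_cidr` and `client_ip` are hypothetical, and the ranges are constructed documentation prefixes standing in for the ranges Cloudflare publishes.

```php
<?php
// Constructed sample ranges (documentation prefixes), not Cloudflare's real ones.
// Assumption: in production this list holds the ranges Cloudflare publishes.
const TRUSTED_PROXIES = ['192.0.2.0/24', '2001:db8::/32'];

// True if $ip lies inside $cidr; handles IPv4 and IPv6.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or address families differ
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) {
        return false; // malformed prefix length
    }
    $bits = $bits === null ? $max : (int) $bits;
    $full = intdiv($bits, 8); // whole bytes covered by the prefix
    if (strncmp($ipBin, $netBin, $full) !== 0) {
        return false;
    }
    $rest = $bits % 8; // leftover bits in the next byte
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Use CF-Connecting-IP only when the TCP peer (REMOTE_ADDR) is a trusted proxy.
function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer   = $server['REMOTE_ADDR'] ?? '';
    $header = $server['HTTP_CF_CONNECTING_IP'] ?? '';
    if (filter_var($header, FILTER_VALIDATE_IP) === false) {
        return $peer; // header absent or not an IP address
    }
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            return $header;
        }
    }
    return $peer; // header came from an untrusted peer: ignore it
}

// Constructed requests: one relayed by a trusted proxy, one sent straight to the origin.
var_dump(client_ip(['REMOTE_ADDR' => '192.0.2.10', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7']));
var_dump(client_ip(['REMOTE_ADDR' => '203.0.113.5', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7']));
```

For Tor visitors the header still carries a shared exit address, so this check only stops the value from being forged by a direct connection.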

Hello,

I correctly set up Nginx + Apache and the IP looks real, but most visitors have the IP 2607:5300:60:655d::
Can anyone tell me what this IP is? Maybe it is the CF WAF, but the Firewall is disabled.

I used this to get the IP:

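// Use the Cloudflare header when present, otherwise fall back to the socket address
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
  $ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
} else {
  $ip = $_SERVER['REMOTE_ADDR'];
}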

Thanks
