We have a Cloudflare Business account with an SSL Certificate installed. The SSL certificate is on a Cloudflare Proxy Server. This means that any incoming traffic to our site is from the Proxy Server as the most recent entry point.
This causes issues with an API we have on our server. The API validates all incoming traffic based on the IP address of the server sending the API request - that IP address has to be whitelisted in the database in order for the API request to be accepted. The problem is that in the current setup, the incoming IP address is always the Cloudflare Server’s IP address, not the actual IP address of the server sending the API request. Therefore the IP address validation cannot work.
Is there any way to avoid having to go via the Cloudflare Proxy server for the SSL Certificate?
The IP address being read by our server is the Cloudflare Proxy server, not the visitor’s own IP address. That’s because (currently) for the SSL, it has to go via the Proxy server. So the request sent to our API goes through the following route:
[SENDER_SERVER] — Sender’s IP —> [CF_PROXY_SERVER] — Proxy’s IP —> [OUR_SERVER]
However - that link you sent may provide the answer to this issue. Thanks, we’ll check it out and see if it resolves the issue.