WARP bug? A website is logging my ISP IP number even though I am browsing with WARP activated

Hi there!

I have CF WARP free installed and activated in my up-to-date macOS Monterey.
I have made tests on Google (“what is my ip”) and, as expected, it changes my public IP number:
it hides the original IP assigned by my ISP with an IP number from the CF edge.
That's fine.

Websites receive CF WARP IP (for example: in PHP [REMOTE_ADDR])

But to my surprise, a web portal I use to sign in always sends me a security notification email including my IP address: the logged IP is not the CF WARP IP, but my ISP one.
I am not sure if their DNS is CF or not.

I also know that, if they are behind CF, they can get some request headers
https://developers.cloudflare.com/fundamentals/get-started/reference/http-request-headers/

In that case, wouldn't they get the WARP IP instead?
Why are they getting my ISP real IP number if I am browsing with WARP activated?

Any idea ?

Thanks in advance,
another CF_GUY

Websites using Cloudflare can get the real IP of the visitor, WARP is not designed to be a VPN that hides your IP.

From the FAQ:

Cloudflare WARP Client in WARP mode was meant to ensure all your traffic is kept private between you and the origin server (that is, the site you are connecting to), but not from the origin itself. In a number of cases, if the origin site you are communicating with cannot determine who you are and where you are from, it cannot serve locale-relevant content to you (that is, anything related to a customized user experience, such as language or regional configurations).

Sites inside Cloudflare’s network are able to see this information. If a site is showing you your IP address, chances are they are in our network. Most sites outside our network, however, are unable to see this information and instead see the nearest egress server to their server. We are working to see if in the future we can find a way to more easily share this information with a limited number of sites outside Cloudflare’s network, where it is relevant to both parties.

https://developers.cloudflare.com/warp-client/known-issues-and-faq/


Dom, thanks for your confirmation. But I am still confused…
The purpose of Warp is clear.
What is not is this: when activated, the client’s IP is changed before coming to the server’s side (with or without CF DNS services). So when the request comes to CF services, the request IP is already different.

This is how I see it from the outside; if I am wrong, please clarify:

Scenario A - without Warp or Warp deactivated:

client’s IP number = ISP IP → Cloudflare edge → server’s CF-Connecting-IP = ISP IP number

Scenario B - with Warp Activated:

client’s IP number = Warp’s IP → Cloudflare edge → server’s CF-Connecting-IP = Warp’s IP number

What am I missing here ?
Thanks again,

CF_GUY

Some testing: a Google Apps Engine (GAE) that vardumps all env-variables.
Two web requests to compare:

  1. Directly to appspot.com (to avoid Cloudflare edge)
  2. To a (proxied) domain that points to the GAE app. This domain’s DNS is managed by Cloudflare.

Both with WARP activated.

(hidden real IPs)

  • ISP assigned IP = 24.232.x.x
  • WARP assigned IP = 8.37.x.x

vardump results for both web requests:

  1. Direct
[HTTP_FORWARDED] => for="8.37.x.x";proto=https
[HTTP_X_FORWARDED_FOR] => 8.37.x.x
[HTTP_X_APPENGINE_USER_IP] => 8.37.x.x
[FORWARDED] => for="8.37.x.x";proto=https
[X_FORWARDED_FOR] => 8.37.x.x, 169.254.1.1
[REMOTE_HOST] => 169.254.1.1
[REMOTE_ADDR] => 169.254.1.1

    [HTTP_X_APPENGINE_CITY] => buenos aires
    [HTTP_X_APPENGINE_CITYLATLONG] => -34.xxxxx,-58.xxxx
    [HTTP_X_APPENGINE_REGION] => c
    [HTTP_X_APPENGINE_COUNTRY] => AR
  2. CF proxied domain
[HTTP_FORWARDED] => for="198.41.231.153";proto=https
[HTTP_X_APPENGINE_USER_IP] => 198.41.231.153
[HTTP_X_FORWARDED_FOR] => 24.232.x.x,198.41.231.153
[FORWARDED] => for="198.41.231.153";proto=https
[X_FORWARDED_FOR] => 24.232.x.x,198.41.231.153, 169.254.1.1
[REMOTE_HOST] => 169.254.1.1
[REMOTE_ADDR] => 169.254.1.1

-->[HTTP_CF_CONNECTING_IP] => 24.232.x.x

    [HTTP_X_APPENGINE_CITY] => ?
    [HTTP_X_APPENGINE_CITYLATLONG] => 0.000000,0.000000
    [HTTP_X_APPENGINE_REGION] => ?
    [HTTP_X_APPENGINE_COUNTRY] => US
    [HTTP_CF_IPCOUNTRY] => AR

Interesting notes:

a) if web request is proxied by CF, no reference to WARP IP… but ISP IP
b) if web request is proxied by CF, GAE GEO headers are lost
c) if web request is proxied by CF, GAE HTTP_X_APPENGINE_USER_IP refers to CF proxy

conclusion:

Cloudflare replaces WARP IP with original ISP IP…
totally unexpected behaviour

CF_GUY

Cloudflare replaces WARP IP with original ISP IP…

This is fully expected behaviour in some cases, as referenced by domjh - Warp is not made to hide your IP address, and so any sites that leverage Cloudflare’s network will be able to see your IP address.
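
An added example, not part of the thread and not Cloudflare's or Google's code: how an origin could resolve the visitor address from the request variables shown in the two dumps, honouring `CF-Connecting-IP` only when the hop that reached the platform is a Cloudflare edge. The two network ranges, the name `client_ip`, and the stand-in addresses for the masked IPs are assumptions made for this example.

```python
import ipaddress

# Assumptions for this example, not a complete trust list: 198.41.128.0/17
# contains the Cloudflare edge address in the dump (198.41.231.153) and
# 169.254.0.0/16 contains App Engine's internal hop (169.254.1.1).
CLOUDFLARE = ipaddress.ip_network("198.41.128.0/17")
INTERNAL = ipaddress.ip_network("169.254.0.0/16")

def _parse(value):
    """Return an ip_address, or None for a missing or malformed value."""
    try:
        return ipaddress.ip_address((value or "").strip())
    except ValueError:
        return None

def client_ip(environ):
    """Resolve the visitor address from CGI/WSGI-style request variables."""
    xff = environ.get("HTTP_X_FORWARDED_FOR", "").split(",")
    # Nearest hop first: the socket peer, then X-Forwarded-For right to left.
    chain = [_parse(environ.get("REMOTE_ADDR"))] + [_parse(h) for h in reversed(xff)]
    for hop in chain:
        if hop is None:
            return None              # malformed chain: refuse to guess
        if hop in INTERNAL:
            continue                 # platform's own front end, keep walking
        cf_ip = _parse(environ.get("HTTP_CF_CONNECTING_IP"))
        if hop in CLOUDFLARE and cf_ip is not None:
            return str(cf_ip)        # header written by the trusted edge
        return str(hop)              # direct peer: CF-Connecting-IP is ignored
    return None

# Constructed stand-ins for the masked addresses in the dump.
ISP_IP, WARP_IP = "203.0.113.7", "198.51.100.9"   # 24.232.x.x and 8.37.x.x
DIRECT = {"REMOTE_ADDR": "169.254.1.1", "HTTP_X_FORWARDED_FOR": WARP_IP}
PROXIED = {"REMOTE_ADDR": "169.254.1.1",
           "HTTP_X_FORWARDED_FOR": ISP_IP + ",198.41.231.153",
           "HTTP_CF_CONNECTING_IP": ISP_IP}
# Same direct request, but carrying a CF-Connecting-IP no trusted edge wrote.
UNTRUSTED = dict(DIRECT, HTTP_CF_CONNECTING_IP="192.0.2.1")

if __name__ == "__main__":
    for name, env in (("direct", DIRECT), ("proxied", PROXIED), ("untrusted", UNTRUSTED)):
        print(name, client_ip(env))
```

For the proxied request the resolver returns the ISP address, matching `HTTP_CF_CONNECTING_IP` in the second dump; for both direct requests it returns the WARP egress address.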
