What is the name of the domain?
What is the issue you’re encountering
We use a WooCommerce plugin to hide specific products based on a visitor’s country (IP geolocation), but after enabling Cloudflare, the plugin fails to detect the correct country. Real users in restricted regions (like UAE) are seeing products that should be hidden. We suspect Cloudflare is passing incorrect IP or caching a geolocation result. We’ve disabled “Cache Everything” and added Page Rules to bypass cache, but the issue persists. How can we ensure that Cloudflare forwards the real IP and doesn’t interfere with WooCommerce geolocation?
What steps have you taken to resolve the issue?
Hello Cloudflare Community,
I’m currently running a WooCommerce-based online store where we need to restrict visibility of specific products based on a customer’s country — primarily due to limitations imposed by our payment gateway (based in the UAE).
Our Setup:
Hosting: Websupport, WordPress + WooCommerce
Geolocation Plugin: Country Based Restrictions for WooCommerce
Geolocation method: WooCommerce built-in geolocation (using MaxMind database, now upgraded to a paid GeoIP2 Country Pro license)
Firewall & Security: Wordfence (enabled to prevent brute-force and DDoS)
CDN & Cache: Cloudflare (Free plan, caching previously set to “Cache Everything”, now disabled)
The Problem:
After enabling Cloudflare, our WooCommerce plugin that hides products for specific countries stopped working correctly.
Here’s what’s happening:
When we test access from Slovakia using a VPN set to UAE, products are correctly hidden (as expected).
However, when a real user in Dubai checks the site, they can see restricted products, which should be hidden.
Debug info on the site (using WC_Geolocation::geolocate_ip()) reports incorrect countries (e.g. JP instead of AE).
We confirmed that the visitor’s IP (from Etisalat in the UAE) is correctly detected by external services like IP2Location and MaxMind demo tools as being from Dubai/UAE.
Our WordPress wp-config.php is already set to use:
if (isset($_SERVER[‘HTTP_CF_CONNECTING_IP’])) {
$_SERVER[‘REMOTE_ADDR’] = $_SERVER[‘HTTP_CF_CONNECTING_IP’];
}
What We’ve Tried:
Disabled “Cache Everything” in Cloudflare.
Set Cloudflare Page Rules to bypass caching for the shop.
Cleared all Cloudflare cache manually.
Ensured Wordfence is not interfering (IP detection is set correctly).
Upgraded MaxMind to a paid GeoIP2 Pro and manually updated the .mmdb file.
Tested with multiple VPNs and real users.
What We Need to Achieve:
We simply want Cloudflare to not interfere with IP geolocation detection, so WooCommerce can:
Accurately detect a visitor’s real IP/country.
Correctly hide products for restricted countries (e.g. UAE, Saudi Arabia, etc.).
The Question:
Is there a specific Cloudflare configuration or header that we should enforce to make sure the real visitor IP is properly passed to WooCommerce geolocation?
Also, are there any known conflicts between Cloudflare and WooCommerce’s geolocation or the “Country Based Restrictions for WooCommerce” plugin?
Any insight, advice, or best practices for this setup would be highly appreciated.
Thanks advanced for help
What feature, service or problem is this related to?
I don’t know