I can no longer retrieve the IP address of visitors with PHP (since yesterday I believe).
The Cloudflare configuration seems correct to me, is there an automatic rule on your side? I consistently retrieve a Cloudflare IP address.
IP : 2a06:98c0:3600::103
I use: $_SERVER[‘HTTP_CF_CONNECTING_IP’]
Same problem here. Using Free plan without workers or APO. Detection of IP set to “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare,” but IP showing are
Detected IP(s): 2a06:98c0:3600::103
Your IP with this setting: 2a06:98c0:3600::103
Ufff! I was beginning to think I’m lost the head.
Same here, free plan, no workers, and the same ipv6 [2a06:98c0:3600::103] reported as real user ip.
As far as I can see mainly bots request, but some normal users too.
I read in the other thread that a request comming from a worker out of our zone uses this ipv6, so seems CF is catching external request with a worker (don’t know with what purpose) and this worker makes the request to the backend server, some like:
user → worker → CF proxy → Backend server
So for the backend server the “real-ip” is the ip used by the worker.
Maybe some people from CF can explain whats is happen?
I have noticed this too starting yesterday, with the same ipv6 address left in the origin server logs and in the firewall logs.
I was using the firewall to control site access for my own ip only.
Had to switch to using access instead that works for my use case but not yours.
It appears that Zaraz is causing this, and messing with with the connecting IP when any configs are enabled. I’m working to escalate this to get some eyeballs on it ASAP. Thanks for the reports everyone!
I can confirm this has now been escalated and in front of the right people. Hopefully we’ll see a quick resolution, but if not, the simplest workaround for now as Matteo said is to disable any Zaraz tool configurations you have.