Wrong IP without worker CF-Connecting-IP 2a06:98c0:3600::103


I can no longer retrieve the IP address of visitors with PHP (since yesterday I believe).
The Cloudflare configuration seems correct to me, is there an automatic rule on your side? I consistently retrieve a Cloudflare IP address.

IP : 2a06:98c0:3600::103

I don’t understand why…
Thanks for your help :slight_smile:



Receiving the same issue, but as “it’s not a bug”, I am confused.

1 Like

Thanks, I just saw your thread.

It’s strange because I don’t use Cloudflare workers. I use Cloudflare’s free plan.
I have several domains that are different websites and are attached to the same Cloudflare account.

I only have this problem with one of my websites. On my other websites, no problem to retrieve the IP address of my visitors.

1 Like

Same here, using Free plan and without Workers.


Same too me. Using free plan and without workers. But HTTP_CF_CONNECTING_IP = 2a06:98c0:3600::103 HTTP_X_FORWARDED_FOR = 2a06:98c0:3600::103

1 Like

Same problem here. Using Free plan without workers or APO. Detection of IP set to “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare,” but IP showing are
Detected IP(s): 2a06:98c0:3600::103
Your IP with this setting: 2a06:98c0:3600::103


Ufff! I was beginning to think I’m lost the head.
Same here, free plan, no workers, and the same ipv6 [2a06:98c0:3600::103] reported as real user ip.
As far as I can see mainly bots request, but some normal users too.
I read in the other thread that a request comming from a worker out of our zone uses this ipv6, so seems CF is catching external request with a worker (don’t know with what purpose) and this worker makes the request to the backend server, some like:

user → worker → CF proxy → Backend server

So for the backend server the “real-ip” is the ip used by the worker.

Maybe some people from CF can explain whats is happen?


In my case, it seems to be the whole domain going through a worker that I don’t use. :frowning: Therefore, the IP address of all my visitors (or almost) is this famous IPv6…

This is annoying for me, the website concerned is a toplist where visitors can vote for their favorite gaming site. And I use the IP address to control the delay between two votes.


I have noticed this too starting yesterday, with the same ipv6 address left in the origin server logs and in the firewall logs.
I was using the firewall to control site access for my own ip only.
Had to switch to using access instead that works for my use case but not yours.

1 Like


Where are your sites hosted? Are you using a managed hosting provider (if so, which?) or are you hosting it yourself?

Alongside that, do any of you have any Cloudflare Apps installed?



No apps for this domain and it’s a dedicated OVH server on which Debian is installed with Proxmox.

The domain is hosted on an LCX Proxmox container (Apache + PHP 8.1) on which there are also other domains hosted by Cloudflare.

Other domains (Proxified / Orange Cloud) on the same LXC container have no problem to retrieve the real IP address.

1 Like

Does everyone impacted have any Zaraz configurations enabled? I was able to replicate this with Zaraz enabled.


I have Zaraz enabled, but unable to disable for now as it is actively gathering data

1 Like

It appears that Zaraz is causing this, and messing with with the connecting IP when any configs are enabled. I’m working to escalate this to get some eyeballs on it ASAP. Thanks for the reports everyone!


My god, my hero!

I just disabled Zaraz and it works correctly again!


Also seeing this with Cloudflare Tunnel with Firewall Rules, giving Access denied

In Firewall Events, the IP address is 2a06:98c0:3600::103, which is Cloudflare’s. It’s no longer using my home IP address, which I’ve created an IP Access Rule with Allow: All websites in account

1 Like

I’m assuming you have Zaraz enabled, disable it to solve it temporarily.


I can confirm this has now been escalated and in front of the right people. Hopefully we’ll see a quick resolution, but if not, the simplest workaround for now as Matteo said is to disable any Zaraz tool configurations you have.


Thanks it’s worked for me !

1 Like

Hey, the team is working on this :slight_smile: