X-Forwarded-Proto missing in some recent traffic

What is the name of the domain?

What is the issue you’re encountering

A small portion of requests proxied through Cloudflare arrive at the origin with an X-Forwarded-For header, but no X-Forwarded-Proto header. This is a recent regression in the last few days, in increasing rates; previously, all requests seen by the origin had the header.

What are the steps to reproduce the issue?

There is no obvious pattern in which requests or clients are affected, so we have been unable to reliably replicate the issue.

Additionally, the documentation CloudFlare provides on X-Forwarded-Proto is either wrong, or vastly at odds with the common interpretation of the header. Cloudflare documents that it is the protocol the proxy used to talk to the origin, instead of the protocol the client used to talk to the proxy. The former is pretty useless, since the origin already knows what protocol it’s talking to the proxy. The possible point of the header is to convey the information that the origin can’t see, which is what protocol the proxy itself saw.

We’re seeing the same thing at our company, a flood of recent requests from cloudflared -> origin server arriving at the origin with a missing/incorrect X-Forwarded-Proto, when previously they had it.

I agree the Cloudflare docs that alexmv linked seem to state that CF is setting the header to the opposite of what it should be.

Here is how we run our tunnels:

services:
    nginx:
        ...

    argo:
        image: cloudflare/cloudflared
        command: tunnel --no-autoupdate --overwrite-dns --protocol http2 --retries 15 --url http://nginx:80 --hostname abc.example.com --name abc.example.com
        volumes:
            # https://dash.cloudflare.com/argotunnel
            - ./etc/cloudflared:/etc/cloudflared

This topic was automatically closed after 15 days. New replies are no longer allowed.