Cloudflare IPs rather than user IPs in log

Home Forums BulletProof Security Free Cloudflare IPs rather than user IPs in log


Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
  • #6560


    In my BPS security logs it only shows cloudlfare’s IP address rather than the IP they are forwarding even though it looks (to me and I’m no expert) that it believes it is displaying the forwarded Ip too under “HTTP_X_FORWARDED_FOR”. Is there a way to fix this or is this correct behaviour and the logs cannot show the users IP? An example:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 19, 2013 - 11:12 am <<<<<<<<<<<
    Host Name:
    REQUEST_URI: /sitemap.xml
    AITpro Admin

    To tell you the truth I am not really sure what cloudflare does exactly.  I am aware that any CDN service changes your DNS information in a way that you can never find out your true DNS info anymore, which makes things very difficult to troubleshoot, but that is just one of the minor downsides to using cloud services.

    The error looks suspicious.  Any respectable request is going to have a valid User Agent.  The User Agent is blank in this error/request.  That usually indicates either a spammer or a hacker is doing something – scraping, probing, sniffing, recon, etc etc etc.

    You can just ignore this.


    Well I don’t know how it does it but it does pass the real IP address along via “HTTP_CF_CONNECTING_IP” but I think its possible to get it without directly looking for that as MyBB has a “scrutinise user’s IP address” setting which looks for: HTTP_X_FORWARDED_FOR or HTTP_X_REAL_IP headers.

    AITpro Admin

    I believe this is something that you would not be able to control or change on your end since HTTP_X_FORWARDED_FOR is coming from an external source – your CDN.  check with the cloudflare folks and see what they have to say.  I am not that familiar with what cloud services do.

    John – CloudFlare

    I work at CloudFlare.

    We operate as a global reverse proxy providing security and acceleration for websites using CloudFlare. The public IP addresses are in CloudFlare’s IP space and we connect back to your server(s) from within those same ranges.

    We include the original visitor IP address in the header of every request we pass back.


    List of methods for getting original visitor IP:

    As long as the BPS plugin can “see” the original visitor IPs, this shouldn’t be a problem.

    John Roberts / CloudFlare

    AITpro Admin

    Thanks for the links/info John.  One of these days when I have the spare time I will give Cloudflare a test drive.  Looks Cool!  And yep, BPS is logging $_SERVER variables so whatever is sent in the Request is what is logged.

    Correction:  What I said about getting the original DNS info after being sent through Cloudflare Servers is not clear and actually sounds like a negative statement.  Obviously since content is stored on the Cloudflare Servers then the IP Address MUST be a Cloud Server’s IP address (or Proxy IP) since this would not work any other way of course.  We were doing something with DNS a while back, but abandoned that approach and are now using a different approach since Cloud services are the future.


    Any updates on resolving actual IPs instead of Cloudflare IPs / Hostnames? This is a big deal for us. Appreciate any help possible.

    AITpro Admin

    What exactly is the question you are asking?  Is there a problem occurring?  If so, what is the problem?  Does the question have to do with the BPS Pro Plugin Firewall?  Do you want to know how to add (whitelist) additional IP addresses (cloudflare, etc) in the BPS Pro Plugin Firewall?



    some people place XForwarded For code in their WP-Config. google and you should find some sample. Test them and see which one works. if you have root access you can also install rmodpaf to get the XForwarded or Real Ip. Depends on your Apache version. Also you could prepend a Php file with XForwarded commands to all your Php scripts. But that requires root access too. Also Google adding XForwarded code to your child theme function.php. Off the top of my head that covers a few ways.

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.