Cloudflare restore original IP

Mak · May 25, 2020, 9:18am

Hi all.

I proxy the traffic with Cloudflare before it reaches Traefik host. Cloudflare exposes end user's IP with CF-Connecting-IP header.

Is there a way to restore the original IP on Traefik level? Something like mod_cloudflare for Nginx or Apache.

Many thanks.

cakiwi · May 25, 2020, 12:57pm

I couldn't find a way for say accesslog(doesn't mean it doesn't exist). But I believe you can use X-Forwarded-For and depth for middlewares that use ipAddress.

Mak · May 26, 2020, 8:08am

Hi. Thanks for your reply. I have tried using IPWhitelist, but I couldn't make it work for IP address substitution.

This is what I did:

Configured forwardedHeaders entry point to allow Cloudflare's X-Forwarded-For and tested that it works
Created an ipWhitelist for Cloudflare ip ranges - whitelist works
However, the IP address is not substituted (Cloudflare passes a single ip address in that header)
If I set depth = 1, I get a forbidden error. depth = 0 - website works but IP is not substituted

Any ideas? I guess I will set this up in the container.

Topic		Replies	Views
Traefik v2 ipWhitelist/depth with Cloudflare and local network Traefik v2 docker , tcp , middleware	2	1888	July 12, 2022
Restoring Cloudflare Real IP on Traefik Traefik v2 kubernetes-ingress	7	8116	October 4, 2021
Setting up both forwardedHeaders and ipWhiteList (or: how to trust IP and whitelist the proxy, not the end user?) Traefik v2 file	1	2517	February 7, 2023
Traefik v2.8 ip whitelist using client real-ip behind cloudflare proxy Traefik v2 docker	0	1107	July 12, 2022
ipWhiteList middleware w/ cloudflare not functioning properly Traefik v2 docker , file , middleware	0	722	November 29, 2023

Cloudflare restore original IP

Related topics