I proxy the traffic with Cloudflare before it reaches Traefik host. Cloudflare exposes end user's IP with CF-Connecting-IP header.
Is there a way to restore the original IP on Traefik level? Something like mod_cloudflare for Nginx or Apache.
I couldn't find a way for say accesslog(doesn't mean it doesn't exist). But I believe you can use
depth for middlewares that use ipAddress.
Hi. Thanks for your reply. I have tried using IPWhitelist, but I couldn't make it work for IP address substitution.
This is what I did:
- Configured forwardedHeaders entry point to allow Cloudflare's X-Forwarded-For and tested that it works
- Created an ipWhitelist for Cloudflare ip ranges - whitelist works
- However, the IP address is not substituted (Cloudflare passes a single ip address in that header)
- If I set depth = 1, I get a forbidden error. depth = 0 - website works but IP is not substituted
Any ideas? I guess I will set this up in the container.