Cloudflare restore original IP

Hi all.

I proxy the traffic with Cloudflare before it reaches Traefik host. Cloudflare exposes end user's IP with CF-Connecting-IP header.

Is there a way to restore the original IP on Traefik level? Something like mod_cloudflare for Nginx or Apache.

Many thanks.

I couldn't find a way for say accesslog(doesn't mean it doesn't exist). But I believe you can use X-Forwarded-For and depth for middlewares that use ipAddress.

Hi. Thanks for your reply. I have tried using IPWhitelist, but I couldn't make it work for IP address substitution.

This is what I did:

  • Configured forwardedHeaders entry point to allow Cloudflare's X-Forwarded-For and tested that it works
  • Created an ipWhitelist for Cloudflare ip ranges - whitelist works
  • However, the IP address is not substituted (Cloudflare passes a single ip address in that header)
  • If I set depth = 1, I get a forbidden error. depth = 0 - website works but IP is not substituted

Any ideas? I guess I will set this up in the container.