Traefik v2.8 ip whitelist using client real-ip behind cloudflare proxy

I am using cloudflare as reverse proxy to app endpoint but i will like to whitelist certain allowed cidr blocks with the ipwhitelist middleware

but issue is i do not want to whitelist cloudflare ip because that will be defeating the purpose

how can i achieve this? using docker provider with labels

    - "traefik.enable=true"
    - ""
    - ""
    - "``)"
    - ""
    - ","

what do i need to do to set this up?

thanks a lot