Cloudflare: Can Caddy restore the real visitor's IP address somehow? (CF-Connecting-IP)

As the title says, I’m wondering if there is any way to get the real visitor's IP address, which is in the CF-Connecting-IP HTTP header when behind the Cloudflare proxy. I couldn’t find any info related to this. I need the real IP address for my self-hosted Piwik tracking instance on my server. Currently my subdomain isn’t protected by Cloudflare because of this issue, as Cloudflare's own IP addresses aren’t helpful at all for the statistics.

In general, I’d like to “restore” the real IP address, even for logging and proxies. Should I open an issue on GitHub for this?

There are ways you can fix it manually, both for logging and for proxies.

For logging, have a look at Caddy’s log docs; you will need to write the [format] string manually, replacing {remote} (the connecting IP, which will be CloudFlare) with {>CF-Connecting-IP}, from CloudFlare. I’d probably still include {remote} in there somewhere, though, just in case someone still tries to connect directly.

For applications that are configured to respect X-Forwarded-For headers, you would need to write out your proxy block manually:

proxy / some-backend {
    header_upstream Host {host}
    header_upstream X-Real-IP {>CF-Connecting-IP}
    header_upstream X-Forwarded-For {>CF-Connecting-IP}
    header_upstream X-Forwarded-Proto {scheme}
}

Also have a look at this Piwik documentation, which indicates how you should configure it for use behind a reverse proxy, with specific instruction for CloudFlare.
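
The logging advice above keeps {remote} next to {>CF-Connecting-IP} because the header is only trustworthy when the connection really came from the proxy. As an added example (not part of the original thread and not Caddy or Piwik code), this Python sketch resolves the client IP from such log lines; the log layout (`{remote} {>CF-Connecting-IP} ...`, with `-` for a missing header), the function names and the placeholder proxy range are assumptions.

```python
import ipaddress

# Assumption: placeholder proxy range (RFC 5737 documentation space).
# Replace with the ranges Cloudflare publishes for its edge network.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24",)]

def from_trusted_proxy(remote):
    """True if the connecting address belongs to a trusted proxy range."""
    addr = ipaddress.ip_address(remote)
    return any(addr in net for net in TRUSTED_PROXIES)

def resolve_client(remote, cf_header):
    """Return (client_ip, verdict) for one request."""
    try:
        trusted = from_trusted_proxy(remote)
    except ValueError:
        return None, "bad-remote"
    if not trusted:
        # Direct connection: the header is client-supplied, so ignore it
        # and record that one was sent anyway.
        sent = cf_header not in ("", "-")
        return remote, "direct-spoofed-header" if sent else "direct"
    try:
        # Connection came from the proxy: accept the header if it parses.
        return str(ipaddress.ip_address(cf_header)), "proxied"
    except ValueError:
        return remote, "proxied-bad-header"

def parse_line(line):
    """Take the first two fields of a log line: {remote} and the header."""
    remote, cf_header = line.split()[:2]
    return resolve_client(remote, cf_header)

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
198.51.100.7 203.0.113.50 GET /piwik.php 200
192.0.2.99 203.0.113.50 GET /piwik.php 200
192.0.2.99 - GET / 200
198.51.100.7 not-an-ip GET / 200
"""

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(parse_line(line), "<-", line)
```

The same rule applies to the proxy block: a backend that trusts X-Forwarded-For should only receive values derived from CF-Connecting-IP when the request reached Caddy from the proxy's address ranges.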

This is some very helpful information and I could solve the issues I had. Thanks :)
I finally have useful log files again too.

For anyone else reading this topic, there’s also a Caddy plugin:
https://caddyserver.com/docs/realip


Ahh, thanks for that link! Can’t believe I totally overlooked that. Third party middleware to the rescue. Definitely use it if it’s convenient, it’s probably much neater than all the manual configuration I recommended.
