IP Lookup is Pulling CDN's X-Forwarded-For

Hi Discourse community!

Am I correct to assume that IP Lookup gets the last IP from the X-Forwarded-For header? Cloudfront seems to be attaching their IP at the end.

How would we modify nginx to remove the last IP in the X-Forwarded-For header? We were hoping to get the client IP to prevent spammers.

Could anyone please provide help / guidance?

Cheers

Just wanted to check if anyone else has a workaround for something like this?

Hi, did you check this?

1 Like

Have a look at Running other websites on the same machine as Discourse

I just encountered this problem with Cloudflare when I turned on their proxy.

I fixed it by changing the Nginx config. You have to find all the proxy IP addresses and for each one in the http section:

set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
...

Then you can set the real IP from the header passed by Cloudflare:

real_ip_header CF-Connecting-IP;

Since the proxy IP addresses could change, I’ll need to automate pulling and updating these.

Then reload/restart nginx with:

sv nginx reload or sv nginx restart

Argh. I wish I’d seen this post earlier! I’d just spent an hour today re-creating something that was already there: X-Forwarded-For proxy tag not recognized by Discourse?:

2 Likes

I’d recommend you switch to the built-in solution, because it will automatically update the IP list from Cloudflare when you rebuild the site!

3 Likes

It is probably better to set a cron job to check regularly than rely on rebuilds.

It doesn’t sound like it changes very often: https://community.cloudflare.com/t/how-often-do-cloudflare-ips-change/9802/7

2 years is actually more frequently than I assumed.

However, the check is so simple that doing it once per day is no problem. Hopefully, they update the list a few days before new IP ranges go active.
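
A sketch of the daily check discussed above, as an added example that is not part of any post in this thread and not Discourse's own code: it validates a fetched range list before rendering the `set_real_ip_from` lines, so a failed or tampered download never replaces a working config. The function names, the prefix limits and the sample IPv6 range are assumptions; fetching the list and reloading nginx are left to the cron job.

```python
import ipaddress

# Constructed sample of a fetched range list: the three ranges quoted in the
# thread plus one IPv6 range from the documentation prefix (illustrative only).
SAMPLE_LIST = """\
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
2001:db8::/32
"""

# Assumed sanity limits: refuse prefixes broader than these, because every
# address in a trusted range is allowed to dictate the client IP nginx logs.
MIN_PREFIX = {4: 8, 6: 16}


def parse_ranges(text):
    """Return validated networks, or raise ValueError with no partial result."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Raises ValueError on an HTML error page, junk, or host bits set.
        net = ipaddress.ip_network(line, strict=True)
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"line {lineno}: {net} is too broad to trust")
        nets.append(net)
    if not nets:
        raise ValueError("empty range list; keep the current config")
    return sorted(set(nets), key=lambda n: (n.version, n))


def render_conf(nets, header="CF-Connecting-IP"):
    """Render the http-section snippet described in the thread."""
    lines = [f"set_real_ip_from {n};" for n in nets]
    lines.append(f"real_ip_header {header};")
    return "\n".join(lines) + "\n"


def updated_conf(fetched_text, current_conf):
    """Return new config text if it differs from current_conf, else None."""
    new_conf = render_conf(parse_ranges(fetched_text))
    return None if new_conf == current_conf else new_conf


if __name__ == "__main__":
    print(updated_conf(SAMPLE_LIST, current_conf=""), end="")
```

Write the returned text to a temporary file, run `nginx -t`, and only then move it into place and reload, so a rejected list leaves the previous ranges active.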