IP Lookup is Pulling CDN's X-Forwarded-For

I just encounted this problem with Cloudflare when I turned on their proxy.

I fixed by changing the Nginx config. You ahve to find all the proxy IP addresses and for each one in the http section:

set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
...

Then you can set the real IP from the header passed by Cloudflare:

real_ip_header CF-Connecting-IP;

Since the proxy IP addresses could change, I’ll need to automate pulling and updating these.

Then reload/restart nginx with:

sv nginx reload or sv nginx restart

Argh. I wish I’d seen this post earlier! I’d just spent an hour today re-creating something that was already there: X-Forwarded-For proxy tag not recognized by Discourse?:

2 Likes