Responding to the error "You can’t log in from that IP address”, but IP not blocked"

We ran into this problem a few weeks ago but searches only led us to discussions about the problem and no real solutions.

However, we discovered that the reason we were having the problem is because we tried proxying our discourse server behind Cloudflare (which has been successfully proxying and protecting our main webserver for quite a few years) in an attempt to stop some of the AI spam, which Cloudflare is already doing for our main webserver

But as soon as we did that, our users and administrators started seeing the error about not being able to login “from that IP address”. As soon as we unproxyed (that should be a word) the subdomain, everything started working perfectly again.

So that begs the question as to why proxying behind Cloudflare caused a problem and perhaps might hint at a solution? Is the discourse server deciding that the host on which it is running has a different IP address than the one that is exposed by cloudflare? Could that be the issue?

You need to use templates/cloudflare.template.yml in your app.yml or all of your access looks to Discourse like it’s coming from the Cloudflare IP addresses. If you block them, you’ll block all users using that same cloudflare server.

See also Discourse AI - Spam detection

2 Likes