Log the real IP address behind the CloudFlare CDN

If you run a commercial webapp, probably you have to track access.

CloudFlare helps you to manage more connection but hides from you many informations about the client. If you try to log the IP address you always get the CloudFlare’s ones.

Common headers which nginx uses to forward original IP (X-Forwarded-For and X-Real-IP) contain the CloudFlare’s IP. The correct header where to look is HTTP_CF_CONNECTING_IP.

1
2
/* PHP */
$_SERVER['HTTP_CF_CONNECTING_IP']
1
2
# Rack
request.headers["HTTP_CF_CONNECTING_IP"]