How do I restore original visitor IP with Nginx?

Since Cloudflare acts as a reverse proxy, when it's configured as expected, all connections to your origin webserver come from Cloudflare's IP addresses, and that may or may not be a problem for you:

  • If your web application is using the originating IP of the visitor as part of its logic, it will now use a Cloudflare IP address
  • If you use the content of your access logs, they now contain a Cloudflare IP address as the  $remote_addr

However, Cloudflare follows industry standards and includes the visitor's IP address in the X-Forwarded-For header. We also add a CF-Connecting-IP header that may be used as well. Any of these two can be used to either restore the originating IP of your visitor for your web application, or to be included in your logs.

 

Restoring the original visitor IP for your web application

Please use the following Nginx module and the following configuration parameters:

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;

NB: That list of prefixes needs to be updated regularly, and we publish the full list of here: Cloudflare's IP addresses.
 

Including the original visitor IP in your logs

You can include the variables $http_cf_connecting_ip and $http_x_forwarded_for in the log_format directive.

 

Also see: Cloudflare and Nginx

Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk