0

I am trying to whitelist a vendor IP in our Apache config but we are behind CloudFlare.

Per CloudFlare's and Apache's docs, I have done this in the config:

RemoteIPHeader CF-Connecting-IP # From: https://www.cloudflare.com/ips-v4 RemoteIPTrustedProxyList /path/to/cloudflare/ipv4.txt # From: https://www.cloudflare.com/ips-v6 RemoteIPTrustedProxyList /path/to/cloudflare/ipv6.txt # Switch from %h to %a per the CloudFlare docs LogFormat "%a %l %u %t \"%r\" %>s %b" common

Before CloudFlare, I could do this:

# Trusted vendor IP SetEnvIf Remote_Addr ^55\.55\.55\.55$ TRUSTED_REQUEST

What is the best way of accessing the CF-Connecting-IP while obeying the trusted proxy lists?

Improve this question

1 Answer 1

Reset to default
0

After some testing I have found that Remote_Addr is overwritten with the value declared by RemoteIPHeader CF-Connecting-IP

This behavior does not seem to be covered in the Apache docs.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.