cloudflare-logo

When using Cloudflare, you will notice that the REMOTE_ADDR variable no longer displays the correct user IP. Since Cloudflare acts as a proxy, the IP will always be a Cloudflare IP. If you have any code such as user votes that are using the IP as a unique way to stop users voting multiple times, you will find that this code is no longer working correctly. The solution to this is to install the Apache module which will correctly resolve the IPs that are being sent from Cloudflare. There is currently no module for Centos 7 and a few other operating systems which leaves us stuck. I looked into the issue and found that there is already a way to access the users IP without installing anything.

If you are using a language like PHP, dump out the server variables using a command such as var_dump($_SERVER); This will allow you to see all of the server variables that you currently have access to. You will see that there are a few new variables that are not normally there. The important variable here is HTTP_CF_CONNECTING_IP. This variable contains the actual user IP that would normally have been present in the REMOTE_ADDR variable. You will also find that the HTTP_X_FORWARDED_FOR variable also contains the exact same value.

This is a quick solution for anyone writing code that is depending on the IP being correct. If you are using any software that you didnt write, you might still be in trouble as this is difficult to change.