Tracking visitor IP correctly with Cloudflare as proxy

Resolving visitor IP’s in your logs or WordPress plugin has nothing to do with the Cloudflare plugin.

If you’re on an NGINX webserver you can put Cloudflares IP’s as rules in a iprules.conf file but you have to have the REALIP module included when NGINX is compiled.

The REALIP module is installed by default since about NGINX 1.6 (we’re at 1.10 now. Inside your nginx.custom.d folder (nginx.conf will have to include this folder) best practice:

include conf.d/*.conf;
include /etc/nginx.custom.d/*.conf;

So make a new file called iprules.conf or cloudflareiprules.conf it doesn’t matter the name and place it in /etc/nginx.custom.d/*.conf

In that file you put in the proper convention:

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 127.0.0.1/32;
real_ip_header CF-Connecting-IP;

set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;

sudo service nginx restart

sudo service php7.0-fpm restart

On another kind of server? Get all the rules on Cloudflare here.

12Flat is an IT consulting group that fine tunes servers for WordPress speed and security on the web since 2009.