Cloudflare Getting Real IP From Behind Two Proxies

eva2000 · Oct 24, 2019

pamamolf said: ↑

Ok so i must remove the real_ip_header CF-Connecting-IP from:
Click to expand...

not remove, replace with standard one
Code (Text):
real_ip_header X-Forwarded-For;
actually in that cause I wouldn't use cloudflare.conf include file at all and use custom one as csfcf.sh cronjob would override cloudflare.conf everytime right now

i'm going to update csfcf.sh cronjob to use
Code (Text):
real_ip_header X-Forwarded-For;
instead of
Code (Text):
real_ip_header CF-Connecting-IP;
so that other non-cloudflare reverse proxies would work too

BamaStangGuy · Oct 24, 2019

pamamolf said: ↑
Ok so i must remove the real_ip_header CF-Connecting-IP from:
Code:
/usr/local/nginx/conf/cloudflare.conf
and add the real_ip_recursive on; at:
Code:
/usr/local/nginx/conf/cloudflare_customips.conf
?

Also i must whitelist the Ezoic ip's there like:
Code:
set_real_ip_from 34.218.119.32/27;
set_real_ip_from 34.245.205.0/27;
set_real_ip_from 34.245.205.64/27;
set_real_ip_from 35.172.155.192/27;
set_real_ip_from 35.172.155.96/27;
real_ip_recursive on;
Click to expand...
You only need real_ip_recursive on; inside the cloudflare conf. Inside the ezoic one you still use real_ip_header X-Forwarded-For; at the end

pamamolf · Oct 24, 2019

Nginx doesn't start

I add also at the config of the domain under the Cloudflare include this one:
Code:
include /usr/local/nginx/conf/ezoic.conf;
Error:
Code:
Starting nginx: nginx: [emerg] "real_ip_header" directive is duplicate in /usr/local/nginx/conf/ezoic.conf:1240
Should i disable the include for cloudflare.conf ?

I am using the Ezoic app through Cloudflare....

The issue is that i have on cloudflare.conf and ezoic.conf at the end the same header:
Code:
real_ip_header X-Forwarded-For;
but how is the proper way to solve it?

I am attaching the config files here:

pamamolf · Oct 25, 2019

The confusion is that on post #15 @Xon recommends to remove the header from cloudflare.conf:
Code:
real_ip_header CF-Connecting-IP;
and that seems to work according to @BamaStangGuy

but @eva2000 recommends to not remove it and change it to:
Code:
real_ip_header X-Forwarded-For;
But the same header exist also to the end of ezoic.conf and conflict...

BamaStangGuy · Oct 25, 2019

This is what I have that works:

In cloudflare.conf

Code:

include /usr/local/nginx/conf/cloudflare_customips.conf;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_recursive on;

In ezoic.conf

Code:

<-rest of ips->
set_real_ip_from 18.188.9.0/27;
set_real_ip_from 18.188.9.32/27;
set_real_ip_from 34.217.141.224/27;
set_real_ip_from 34.218.119.32/27;
set_real_ip_from 34.245.205.0/27;
set_real_ip_from 34.245.205.64/27;
set_real_ip_from 35.172.155.192/27;
set_real_ip_from 35.172.155.96/27;
real_ip_header X-Forwarded-For;

Then in nginx.conf include ezoic.conf underneath cloudflare.conf.

pamamolf · Oct 25, 2019

Yes i know but the confusion was related to @eva2000 recommendation to not remove the header from the cloudflare.conf ....

Also as the cronjob from csf will overwrite the contents (if i am not wrong) of the cloudflare.conf i think is better to add the real_ip_recursive on; at the cloudflare_customips.conf ?

BamaStangGuy · Oct 25, 2019

pamamolf said: ↑

Yes i know but the confusion was related to @eva2000 recommendation to not remove the header from the cloudflare.conf ....

Also as the cronjob from csf will overwrite the contents (if i am not wrong) of the cloudflare.conf i think is better to add the real_ip_recursive on; at the cloudflare_customips.conf ?
Click to expand...

It did not work when I did that.

pamamolf · Oct 25, 2019

I will wait for @eva2000 to see how to set that as i think your config will revert back by the csf cronjob...

eva2000 · Oct 25, 2019

BamaStangGuy said: ↑

This is what I have that works:

In cloudflare.conf

Code:

include /usr/local/nginx/conf/cloudflare_customips.conf;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_recursive on;

In ezoic.conf

Code:

<-rest of ips->
set_real_ip_from 18.188.9.0/27;
set_real_ip_from 18.188.9.32/27;
set_real_ip_from 34.217.141.224/27;
set_real_ip_from 34.218.119.32/27;
set_real_ip_from 34.245.205.0/27;
set_real_ip_from 34.245.205.64/27;
set_real_ip_from 35.172.155.192/27;
set_real_ip_from 35.172.155.96/27;
real_ip_header X-Forwarded-For;

Then in nginx.conf include ezoic.conf underneath cloudflare.conf.

Click to expand...

that works as you have real_ip_header X-Forwarded-For in ezoic.conf as include files in nginx.conf are just like if contents was placed in nginx.conf so cloudflare.conf and ezoic.conf combined contents has the single real_ip_header X-Forwarded-For required for things to work

pamamolf · Oct 25, 2019

But the csf cronjob will add back the header at cloudflare.conf ?

If yes then it will conflict and Nginx will not start....

What to do on that case?

eva2000 · Oct 25, 2019

pamamolf said: ↑

But the csf cronjob will add back the header at cloudflare.conf ?

If yes then it will conflict and Nginx will not start....

What to do on that case?
Click to expand...

yes csfcf.sh cron would override cloudflare.conf but 123.09beta01 latest update changed to using
real_ip_header X-Forwarded-For instead so just remove it from ezoic.conf include file and place ezoic.conf before cloudflare.conf include file in nginx.conf

run manually once the command
Code (Text):
/usr/local/src/centminmod/tools/csfcf.sh auto
to inspect if cloudflare.conf has the updated real_ip_header X-Forwarded-For

pamamolf · Nov 26, 2019

@BamaStangGuy
@Xon
@eva2000

can't get the users ip's in my log file

I am using the Ezoic app from Cloudflare apps panel...

cloudflare.conf

Code:

include /usr/local/nginx/conf/cloudflare_customips.conf;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
a few more ip's here...
real_ip_header X-Forwarded-For;

cloudflare_customips.conf

Code:

real_ip_recursive on;

ezoic.conf

Code:

set_real_ip_from 34.217.141.224/27;
set_real_ip_from 34.218.119.32/27;
set_real_ip_from 34.245.205.0/27;
set_real_ip_from 34.245.205.64/27;
set_real_ip_from 35.172.155.192/27;
set_real_ip_from 35.172.155.96/27;
a few more ip's here...

Domain config:

Code:

  include /usr/local/nginx/conf/ezoic.conf;
  include /usr/local/nginx/conf/cloudflare.conf;

Any ideas?

pamamolf · Nov 26, 2019

Does the load of real_ip_recursive on; matters?

If yes then i think is not working for me as the order is:

ezoic ip's
then
real_ip_recursive on;
then
cloudflae ip's with real_ip_header X-Forwarded-For; at the end...

Maybe to get that work it must be:

real_ip_recursive on;
then
cloudflae ip's WITHOUT real_ip_header X-Forwarded-For; at the end...
then
ezoic ip's WITH real_ip_header X-Forwarded-For; at the end...

and:
Code:
include /usr/local/nginx/conf/cloudflare.conf;
include /usr/local/nginx/conf/ezoic.conf;
What do you think?

pamamolf · Dec 10, 2019

@BamaStangGuy

Did you add the ezoic include only in the main Nginx config or in the domain Nginx config also?

Thank you

negative · Dec 13, 2019

Btw, do you advice to using the Ezoic service ?

pamamolf · Dec 13, 2019

I assume that it depends on each case of usage but in my case i got an income increase of around 40% but also a noticeable increase at loading time for ads...

rdan · Sep 22, 2022

Anyone solved the IP issue when using Cloudflare and Ezoic?
I still got all my visitors showing Ezoic IPs even though I have followed the guide above.

rdan · Sep 22, 2022

Or I guess, the list I have here isn't complete:
Ezoic

Log in / Register

Forums

Join the community today

Cloudflare Getting Real IP From Behind Two Proxies

eva2000 Administrator Staff Member

BamaStangGuy Active Member

pamamolf Well-Known Member

Attached Files:

cloudflare.txt

cloudflare_customips.txt

ezoic.txt

pamamolf Well-Known Member

BamaStangGuy Active Member

pamamolf Well-Known Member

BamaStangGuy Active Member

pamamolf Well-Known Member

eva2000 Administrator Staff Member

pamamolf Well-Known Member

eva2000 Administrator Staff Member

pamamolf Well-Known Member

pamamolf Well-Known Member

pamamolf Well-Known Member

negative Active Member

pamamolf Well-Known Member

rdan Well-Known Member

rdan Well-Known Member

.

Log in / Register

Useful Searches

Join the community today

Cloudflare Getting Real IP From Behind Two Proxies

eva2000 Administrator Staff Member

BamaStangGuy Active Member

pamamolf Well-Known Member

Attached Files:

cloudflare.txt

cloudflare_customips.txt

ezoic.txt

pamamolf Well-Known Member

BamaStangGuy Active Member

pamamolf Well-Known Member

BamaStangGuy Active Member

pamamolf Well-Known Member

eva2000 Administrator Staff Member

pamamolf Well-Known Member

eva2000 Administrator Staff Member

pamamolf Well-Known Member

pamamolf Well-Known Member

pamamolf Well-Known Member

negative Active Member

pamamolf Well-Known Member

rdan Well-Known Member

rdan Well-Known Member

.