x forwarded for - Does cloudflare cf-connecting-ip affect http header?

Question

I have a few questions about cloudflare service before I use it.

1. Are there any difference on http request header between a web server use cf-connecting-ip,x-forwarded-for etc and a web don't use these kinds of thing?

2. Can/How client knows that a web server uses cf-connecting-ip, x-forwarded-for etc?

Answer 1

These request headers are specific to webproxies, and appended after the request was received by Cloudflare, when it's relaying to your origin. The user cannot see it, unless your webserver for some reason sends it back.

x-forwarded-for: https://en.wikipedia.org/wiki/X-Forwarded-For Used by proxy servers to tell the origin any HTTP servers involved in relaying the request between the user and the origin. you may see 1 or multiple sets of IP addresses in this header.

cf-connecting-ip: Relays the IP of the user connecting to Cloudflare to the origin webserver

From: https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-

CF-Connecting-IP Provides the client (visitor) IP address (connecting to Cloudflare) to the origin web server. cf-connecting-ip contains a special Cloudflare IP 2a06:98c0:3600:0:0:0:0:103 when the request originates from a Cloudflare Workers subrequest instead of the visitor's true IP.

Example:

CF-Connecting-IP: 203.0.113.1

X-Forwarded-For Maintains proxy server and original visitor IP addresses. If there was no existing X-Forwarded-For header in the request sent to Cloudflare, X-Forwarded-For has an identical value to the CF-Connecting-IP header:

Example:

X-Forwarded-For: 203.0.113.1 If an X-Forwarded-For header was already present in the request to Cloudflare, Cloudflare appends the IP address of the HTTP proxy to the header:

Example:

X-Forwarded-For: 203.0.113.1,198.51.100.101,198.51.100.102 In the examples above, 203.0.113.1 is the original visitor IP address and 198.51.100.101 and 198.51.100.102 are proxy server IP addresses provided to Cloudflare via the X-Forwarded-For header.

So for advice, review your application and see if it depends on the IP of the user, if so you will need to modify your web-server configuration to relay the correct IP.

To restore original visitor IP addresses at your origin web server, Cloudflare recommends your logs or applications look at CF-Connecting-IP or True-Client-IP instead of X-Forwarded-For since CF-Connecting-IP and True-Client-IP have a consistent format containing only one IP.