freeborni
commented
7 months ago I tested this on production, and it seems it is able to still retrieve the correct user's IP address, and not cloudflare's IP address as I feared.
Closed freeborni closed 7 months ago
freeborni
commented
7 months ago I tested this on production, and it seems it is able to still retrieve the correct user's IP address, and not cloudflare's IP address as I feared.
In the getClientIP() function, the list of headers to check is missing the HTTP_CF_CONNECTING_IP This will enable websites served using cloudflare to get the real client IP instead of getting cloudflare's IP From the screenshot below, it needs to add the HTTP_CF_CONNECTING_IP to the list of remote keys. It should be the first item in the list.