WeidiDeng / caddy-cloudflare-ip

Apache License 2.0

Sorry, What is the point of this caddy-cloudflare-ip? #2

Closed houmie closed 1 year ago

houmie commented 1 year ago

Hello,

Apologies, I have been researching for many hours, but haven't been able to find more information about this.

"trusted_proxies": {
  "source": "cloudflare",
  "interval": "12h",
  "timeout": "15s"
},

I understand that under Caddy I can use the section above to fetch a list of trusted proxies. But why do I need caddy-cloudflare-ip when I have already enabled Cloudflare's proxy?


I'm planning to use Caddy with Xray to create the following VPN protocols that utilise Cloudflare CDN.

VLESS+gRPC+TLS
VLESS+WS+TLS
Trojan+gRPC+TLS
VMess+WS+TLS

Many Thanks

francislavoie commented 1 year ago

Your server is still reachable by using its direct IP address. Nothing prevents clients from bypassing Cloudflare and hitting your server directly. So you should only mark IP addresses controlled by Cloudflare as trusted, so that the parsed client IP is only ever the one Cloudflare saw at their end.

WeidiDeng commented 1 year ago

As francis said, it's mainly used to pass a reliable X-Forwarded-For header to your xray server, so a forged X-Forwarded-For is mostly filtered. If you don't care about where clients are connecting to your server from, you can safely ignore this.
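
The behaviour the two replies above describe, as an added example that is not part of the original thread and is not Caddy's or the module's own code: a simplified model of client-IP resolution that honours X-Forwarded-For only when the TCP peer is a trusted proxy. The 198.51.100.0/24 range is a constructed stand-in for the fetched Cloudflare list, and the `ClientIP` and `isTrusted` names and the right-to-left walk are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed stand-in for the fetched Cloudflare list (a documentation range, not a real one).
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("198.51.100.0/24")}

func isTrusted(ip netip.Addr) bool {
	for _, p := range trustedProxies {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP resolves the client address from the TCP peer ("ip:port") and the raw X-Forwarded-For value.
func ClientIP(peer, xff string) (netip.Addr, error) {
	ap, err := netip.ParseAddrPort(peer)
	if err != nil {
		return netip.Addr{}, err
	}
	client := ap.Addr().Unmap()
	if !isTrusted(client) {
		return client, nil // direct connection: the header is client-controlled, ignore it
	}
	// Walk right to left: skip hops added by trusted proxies, stop at the first untrusted address.
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed entry: keep the last address that could be verified
		}
		client = ip.Unmap()
		if !isTrusted(client) {
			break
		}
	}
	return client, nil
}

func main() {
	fmt.Println(ClientIP("203.0.113.7:4444", "10.9.9.9"))               // bypasses the proxy, forged header
	fmt.Println(ClientIP("198.51.100.10:443", "10.9.9.9, 192.0.2.55")) // arrives through the trusted proxy
}
```

With an empty trusted list every request takes the first branch, so the upstream only ever sees the proxy's own address as the client.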

houmie commented 1 year ago

Awesome. Thank you both for explaining this to me.

Have a great day.