Crowdsec Sec stack is not using the real ip if cloudflare is used as proxy

marcogreiveldinger / videos

This is a repository about my youtube videos where you can find code-snippets, links and other tutorials

MIT License

63 stars 18 forks source link

Crowdsec Sec stack is not using the real ip if cloudflare is used as proxy #7

Closed marcogreiveldinger closed 8 months ago

marcogreiveldinger commented 8 months ago

on the crowdsec-traefik security stack traefik does not use the real ip of the request in the logs if cloudflare is used as proxy before the traefik instance. There are some workarounds for that like using plugins or set .forwardedHeaders.trustedIPs to the cloudflare CIDRs in the entrypoint.

marcogreiveldinger commented 8 months ago

Check the official list of cloudflare ips cidrs

https://www.cloudflare.com/ips/

plaintext: https://www.cloudflare.com/ips-v4/#