Proxy-Mode: User's IP address is not forwarded correctly when using cloudflare #40
Description
Hi there,
I am using CloudFlare in order to protect my site (proxy mode). Now I want to integrate plausible using the proxy feature, which works fine. A little problem remains:
While the request that reaches the nuxt page contains the IP address of the user (2003:a:42f:2d00:64c8:abc6:83b:xxx):
[
{
"level": "info",
"ts": 1748350595.236729,
"logger": "http.log.access.log0",
"msg": "handled request",
"request": {
"remote_ip": "10.0.1.1",
"remote_port": "47494",
"client_ip": "10.0.1.1",
"proto": "HTTP/1.1",
"method": "GET",
"host": "example.com",
"uri": "/",
"headers": {
"User-Agent": [
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
],
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"
],
"Sec-Fetch-Site": [
"same-origin"
],
"X-Forwarded-Proto": [
"https"
],
"Cdn-Loop": [
"cloudflare; loops=1"
],
"Cf-Connecting-Ip": [
"2003:a:42f:2d00:64c8:abc6:83b:xxx"
],
"Accept-Language": [
"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"
],
"Dnt": [
"1"
],
"X-Forwarded-For": [
"2003:a:42f:2d00:64c8:abc6:83b:xxx"
],
"Cf-Ipcountry": [
"DE"
],
"X-Real-Ip": [
"2003:a:42f:2d00:64c8:abc6:83b:xxx"
],
"Cf-Ray": [
"9465ac5239447a99-EWR"
],
"Cookie": [
"REDACTED"
],
"Via": [
"2.0 Caddy"
],
"Cache-Control": [
"max-age=0"
],
"Sec-Ch-Ua-Platform": [
"\"macOS\""
],
"Accept-Encoding": [
"gzip, br"
],
"Sec-Fetch-User": [
"?1"
],
"Sec-Ch-Ua": [
"\"Not.A/Brand\";v=\"99\", \"Chromium\";v=\"136\""
],
"Sec-Fetch-Mode": [
"navigate"
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"Cf-Visitor": [
"{\"scheme\":\"https\"}"
],
"Upgrade-Insecure-Requests": [
"1"
],
"Sec-Fetch-Dest": [
"document"
],
"Priority": [
"u=0, i"
],
"X-Forwarded-Host": [
"example.com"
]
}
},
"bytes_read": 0,
"user_id": "",
"duration": 0.259088396,
"size": 23784,
"status": 200,
"resp_headers": {
"Set-Cookie": [
"REDACTED"
],
"Content-Type": [
"text/html;charset=utf-8"
],
"Date": [
"Tue, 27 May 2025 12:56:35 GMT"
],
"Vary": [
"Accept-Encoding"
],
"X-Robots-Tag": [
"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1"
],
"Content-Encoding": [
"gzip"
]
}
},
{
"level": "info",
"ts": 1748350595.9863327,
"logger": "http.log.access.log0",
"msg": "handled request",
"request": {
"remote_ip": "10.0.1.1",
"remote_port": "47494",
"client_ip": "10.0.1.1",
"proto": "HTTP/1.1",
"method": "POST",
"host": "example.com",
"uri": "/_clt/api/event",
"headers": {
"Cf-Ipcountry": [
"DE"
],
"Accept": [
"*/*"
],
"Cf-Connecting-Ip": [
"2003:a:42f:2d00:64c8:abc6:83b:xxx"
],
"X-Forwarded-For": [
"2003:a:42f:2d00:64c8:abc6:83b:xxx"
],
"User-Agent": [
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
],
"Cf-Ray": [
"9465ac57e8027a99-EWR"
],
"Dnt": [
"1"
],
"Content-Type": [
"text/plain"
],
"Sec-Ch-Ua-Platform": [
"\"macOS\""
],
"Sec-Fetch-Site": [
"same-origin"
],
"Cookie": [
"REDACTED"
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"X-Forwarded-Host": [
"example.com"
],
"Cf-Visitor": [
"{\"scheme\":\"https\"}"
],
"Accept-Encoding": [
"gzip, br"
],
"Via": [
"2.0 Caddy"
],
"Content-Length": [
"90"
],
"Sec-Ch-Ua": [
"\"Not.A/Brand\";v=\"99\", \"Chromium\";v=\"136\""
],
"Priority": [
"u=1, i"
],
"Origin": [
"https://example.com"
],
"Referer": [
"https://example.com/"
],
"Sec-Fetch-Mode": [
"cors"
],
"Sec-Fetch-Dest": [
"empty"
],
"X-Forwarded-Proto": [
"https"
],
"X-Real-Ip": [
"2003:a:42f:2d00:64c8:abc6:83b:xxx"
],
"Cdn-Loop": [
"cloudflare; loops=1"
],
"Accept-Language": [
"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"
]
}
},
"bytes_read": 90,
"user_id": "",
"duration": 0.103529669,
"size": 2,
"status": 202,
"resp_headers": {
"X-Request-Id": [
"GENjmpfEStEPXzoAAIRC"
],
"X-Robots-Tag": [
"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1"
],
"Date": [
"Tue, 27 May 2025 12:56:35 GMT"
],
"Cache-Control": [
"max-age=0, private, must-revalidate"
],
"Access-Control-Allow-Origin": [
"*"
],
"Nel": [
"{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}"
],
"Report-To": [
"{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7nWEX8xblTiPwTQhT5ymEcaRTHj6XkVB%2FbLOYlfbv2qeJBgmLRTjp6UnE4skYCIFTaNoOyyIfuAPPW3owFkvKa8Hpy13RTjLv4qWdiYu5qM%3D\"}]}"
],
"Access-Control-Expose-Headers": [
""
],
"Content-Type": [
"text/plain; charset=utf-8"
],
"Access-Control-Allow-Credentials": [
"true"
],
"Cf-Cache-Status": [
"DYNAMIC"
],
"Cf-Ray": [
"9465ac587aff1e6a-FRA"
]
}
}
]
the request on the plausible-host does not contain that information, but the nuxt host's internal ip (10.0.1.1) and it's nat gateway's public ip (123.123.123.123).
{
"level": "info",
"ts": 1748350595.9751575,
"logger": "http.log.access.log0",
"msg": "handled request",
"request": {
"remote_ip": "172.70.247.10",
"remote_port": "39954",
"client_ip": "172.70.247.10",
"proto": "HTTP/2.0",
"method": "POST",
"host": "stats.example.com",
"uri": "/api/event",
"headers": {
"Referer": [
"https://example.com/"
],
"Via": [
"2.0 Caddy, 1.1 Caddy"
],
"Accept-Language": [
"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"
],
"Content-Type": [
"text/plain"
],
"Cf-Ray": [
"9465ac587aff1e6a-FRA"
],
"User-Agent": [
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
],
"X-Forwarded-For": [
"10.0.1.1,123.123.123.123"
],
"Cf-Connecting-Ip": [
"123.123.123.123"
],
"Cf-Visitor": [
"{\"scheme\":\"https\"}"
],
"Dnt": [
"1"
],
"Cf-Ipcountry": [
"DE"
],
"Cdn-Loop": [
"cloudflare; loops=2"
],
"Accept": [
"*/*"
],
"X-Forwarded-Proto": [
"https"
],
"Origin": [
"https://example.com"
],
"Sec-Ch-Ua": [
"\"Not.A/Brand\";v=\"99\", \"Chromium\";v=\"136\""
],
"Sec-Ch-Ua-Platform": [
"\"macOS\""
],
"Sec-Fetch-Mode": [
"cors"
],
"X-Forwarded-Host": [
"example.com"
],
"Priority": [
"u=1, i"
],
"Accept-Encoding": [
"gzip, br"
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"Cookie": [
"REDACTED"
],
"Sec-Fetch-Dest": [
"empty"
],
"Content-Length": [
"90"
],
"Sec-Fetch-Site": [
"same-origin"
]
},
"tls": {
"resumed": false,
"version": 772,
"cipher_suite": 4865,
"proto": "h2",
"server_name": "stats.example.com"
}
},
"bytes_read": 90,
"user_id": "",
"duration": 0.005371119,
"size": 2,
"status": 202,
"resp_headers": {
"Content-Type": [
"text/plain; charset=utf-8"
],
"X-Request-Id": [
"GENjmpfEStEPXzoAAIRC"
],
"Cache-Control": [
"max-age=0, private, must-revalidate"
],
"Access-Control-Allow-Credentials": [
"true"
],
"Alt-Svc": [
"h3=\":443\"; ma=2592000"
],
"Date": [
"Tue, 27 May 2025 12:56:35 GMT"
],
"Access-Control-Allow-Origin": [
"*"
],
"Access-Control-Expose-Headers": [
""
],
"Content-Length": [
"2"
]
}
}
So for now, all my users come from Iran (as the IP is geolocated there).
Is there any way to change this?