
I have a problem where I seem to be unable to access Cloudflare's header that passes the client origin IP when it proxies requests.

The header should be HTTP_CF_CONNECTING_IP according to Cloudflare's docs and my site is hosted on Heroku.

I have the following Rack Attack setup but even when live in production HTTP_CF_CONNECTING_IP isn't logging at all.

class Rack::Attack
  Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new

  class Request < ::Rack::Request
    # Prefer Cloudflare's CF-Connecting-IP header (exposed by Rack as
    # HTTP_CF_CONNECTING_IP), then Rails' computed remote IP, then the socket peer
    def remote_ip
      @remote_ip ||= (env['HTTP_CF_CONNECTING_IP'] || env['action_dispatch.remote_ip'] || ip).to_s
    end
  end

  track('Log all requests') do |req|
    puts req.ip # returns an IP
    puts req.env['action_dispatch.remote_ip'] # returns the same IP as req.ip
    puts req.env['HTTP_CF_CONNECTING_IP'] # doesn't show anything
    req.remote_ip
  end
end

I am using a free version of Cloudflare and wondered if that made any difference but at the moment it's making it impossible to use Rack Attack as I seem to just block everyone.

Any help would be much appreciated.

Tom Pinchen
  • Can you log all the headers (req.env in this case, I guess)? Maybe there's a difference in how it's called. Are you sure it's not called CF-Connecting-IP? https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers- – Joel Blum Apr 06 '20 at 12:39
  • Hey Joel, I also tried logging CF-Connecting-IP previously with no joy. I'll try logging everything and report back. – Tom Pinchen Apr 06 '20 at 12:51
  • It doesn't seem to be present but equally it's incredibly hard to read because the request is so giant. – Tom Pinchen Apr 06 '20 at 13:04
  • I now realise the HTTP_ is a rack convention, so it indeed should be HTTP_CF_CONNECTING_IP. You can try one of these methods to debug the headers https://stackoverflow.com/questions/6317705/rackrequest-how-do-i-get-all-headers. I'm tempted to say it's something with your Cloudflare setup... – Joel Blum Apr 06 '20 at 13:34
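To make the header naming and the fallback chain from the question concrete, here is an added example (not code from the question, the answer, or Rack::Attack itself). It is pure Ruby with no rack or rack-attack dependency; the env hashes are constructed samples, not captured traffic.

```ruby
# Rack turns a request header such as "CF-Connecting-IP" into the env key
# "HTTP_CF_CONNECTING_IP": upper-case, '-' replaced by '_', "HTTP_" prefix.
def rack_env_key(header_name)
  "HTTP_#{header_name.upcase.tr('-', '_')}"
end

# Inverse: list the request headers in a Rack env as "Header-Name" => value.
# This is the "log all the headers" debugging step from the comments; original
# letter case is lost (HTTP header names are case-insensitive anyway).
def request_headers(env)
  env.select { |k, _| k.start_with?('HTTP_') }
     .map { |k, v| [k.sub(/\AHTTP_/, '').split('_').map(&:capitalize).join('-'), v] }
     .to_h
end

# The fallback chain used by the question's Rack::Attack::Request#remote_ip.
# CF-Connecting-IP only describes the visitor when the request really came
# through Cloudflare's proxy; otherwise the chain falls back to Rails'
# computed remote IP and finally to the socket peer address (REMOTE_ADDR).
def remote_ip(env)
  (env['HTTP_CF_CONNECTING_IP'] || env['action_dispatch.remote_ip'] || env['REMOTE_ADDR']).to_s
end

# Constructed sample envs (assumed values, documentation-range addresses).
ENV_VIA_CLOUDFLARE = {
  'REMOTE_ADDR' => '10.0.0.5',                       # proxy hop in front of the dyno
  'HTTP_CF_CONNECTING_IP' => '203.0.113.7',          # original visitor, per Cloudflare docs
  'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.5',
  'action_dispatch.remote_ip' => '10.0.0.5'
}.freeze

# Same traffic but with the Cloudflare header absent: every request resolves to
# the proxy hop, which is why a per-IP throttle then blocks everyone.
ENV_HEADER_MISSING = {
  'REMOTE_ADDR' => '10.0.0.5',
  'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.5',
  'action_dispatch.remote_ip' => '10.0.0.5'
}.freeze

ENV_NO_PROXY = {
  'REMOTE_ADDR' => '198.51.100.9',
  'action_dispatch.remote_ip' => '198.51.100.9'
}.freeze
```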

1 Answer


I faced this "throttling all" issue on one of my projects with the exact same configuration, i.e. Heroku, Cloudflare and Rack::Attack.

The issue was that all the requests were proxied via Cloudflare and hence reaching the max limit and getting throttled.

I used the same remote_ip method that you posted in the question, but somehow I was able to fetch the remote_ip from env['HTTP_CF_CONNECTING_IP'].

I was on a premium CF plan (even I am not sure if this is helpful). You may refer to this blog, Restoring original visitor IPs, if the problem still persists.

Also, I found this blog really helpful: How to mitigate DDoS using Rack::Attack.