Logs from Splunk
One annoying issue, however, is that because it’s a proxy, you see incoming requests as coming from CloudFlare servers rather than from the original client. So if you’re doing any cool data analytics on your server, your source IP information will be borked.
There’s an easy way to fix it, however.
I run Nginx as my main webserver, and Ubuntu’s version of the app includes support for the http-real-ip module, which allows you to specify a set of proxy server IPs and the original IP header within the forwarded traffic so you can map it properly.
So, using Nginx, edit your nginx.conf file and add the following to your
Restart Nginx and you’ll start seeing original IPs in your logs.
[ Apr 14, 2017 — I had the list of IPs here before but CloudFlare changes them often. Get the latest codeblock from them here. ]
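Since the range list changes, one way to keep the Nginx side current is to generate the directives from whatever list you download. The script below is an added example, not the author's or CloudFlare's code: the function names are made up, the CIDRs are constructed documentation ranges, and it assumes the client address arrives in the CF-Connecting-IP header.

```shell
#!/bin/sh
# Added example: turn a list of proxy CIDRs into Nginx realip directives.

# Constructed sample input (documentation ranges, NOT Cloudflare's real list).
sample_ranges() {
    cat <<'EOF'
# IPv4 (constructed)
192.0.2.0/24
198.51.100.0/24

# IPv6 (constructed)
2001:db8::/32
not-a-cidr
EOF
}

# Read one CIDR per line on stdin, print directives on stdout.
# Blank lines and '#' comments are skipped. A line that does not have the
# shape of an address/prefix is reported on stderr and the function returns 1,
# so the caller can refuse to install output built from a bad download.
gen_realip_conf() {
    v4='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
    v6='^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
    rc=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        if printf '%s\n' "$line" | grep -Eq -e "$v4" -e "$v6"; then
            printf 'set_real_ip_from %s;\n' "$line"
        else
            printf 'rejected: %s\n' "$line" >&2
            rc=1
        fi
    done
    # Header in which Cloudflare passes the original client address.
    printf 'real_ip_header CF-Connecting-IP;\n'
    return "$rc"
}

# Demo run; only install the output if the function succeeded and `nginx -t` passes.
sample_ranges | gen_realip_conf || echo 'list had invalid entries, not installing' >&2
```

Nginx only rewrites the client address when the connection itself comes from one of the `set_real_ip_from` ranges, so keep that list limited to the proxy's published ranges; a broader entry lets any client in it supply its own source IP for your logs.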