
CF-Connecting-IP is what we recommend using.

See https://support.cloudflare.com/hc/en-us/articles/200170986-H... for details.



Which presumably only works if your site is using Cloudflare? Since you wouldn't be MITMing SSL in order to inject this header?


This is correct. It's significantly harder to inject the origin IP into a TCP stream. We have ways [1] of doing it, but it requires some coordination on both sides.

[1] https://blog.cloudflare.com/mmproxy-creative-way-of-preservi...


Have you considered enabling this out of band? For example, as a network administrator I could verify a CIDR block and receive a real-time stream of 5-tuples (err, 7-tuples with the proxy?) destined to my network.
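
An origin-side check for the CF-Connecting-IP header recommended at the top of this thread, as an added example that is not part of the thread or Cloudflare's own code: the header is honoured only when the TCP peer is inside the proxy's address ranges, and the peer address is used otherwise. The ranges below are constructed placeholders from documentation address space, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space).
# Assumption: in production these are replaced by the proxy's published ranges.
TRUSTED_PROXIES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

HEADER = "cf-connecting-ip"  # header names are case-insensitive


def _normalize(addr):
    """Parse an address string and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip())
    return getattr(ip, "ipv4_mapped", None) or ip


def from_trusted_proxy(peer, networks=TRUSTED_PROXIES):
    """True when the TCP peer address lies inside one of the proxy ranges."""
    ip = _normalize(peer)
    return any(ip.version == n.version and ip in n for n in networks)


def client_ip(peer, headers, networks=TRUSTED_PROXIES):
    """Return (address, source) where source is 'header' or 'peer'.

    headers is a list of (name, value) pairs so duplicates stay visible.
    """
    peer_ip = str(_normalize(peer))
    if not from_trusted_proxy(peer, networks):
        # Direct connection: anyone can set the header, so ignore it.
        return peer_ip, "peer"
    values = [v for k, v in headers if k.lower() == HEADER]
    if len(values) != 1:
        # Missing or duplicated header: do not guess which one is real.
        return peer_ip, "peer"
    try:
        return str(_normalize(values[0])), "header"
    except ValueError:
        # Value is not a valid IP address.
        return peer_ip, "peer"
```
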



