Description
Existing documentation URL(s)
What changes are you suggesting?
- If you do not wish to receive the visitor's IP address in the X-Forwarded-For header,
+ If you do not wish to receive the visitor's and the Proxy A's IP address in the X-Forwarded-For header,
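Review bot: the added wording "the visitor's and the Proxy A's IP address" names Proxy A, which exists only in the two-proxy example, while the quoted Managed Transforms text says only the last proxy's address is kept whatever the chain length. Consider wording that covers any chain, for example "the visitor's IP address and the IP addresses of any proxies other than the last one", and drop "the" before "Proxy A's" if the name stays.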
Even if the Remove visitor IP headers Managed Transform is applied, the IP address of the last proxy (Proxy B) will be kept, so we can't remove only the visitor's IP address from the multiple XFF entries.
then Cloudflare will send X-Forwarded-For: 203.0.113.1,198.51.100.101,198.51.100.102 to the origin. Proxy A will append the original visitor's IP address (203.0.113.1) to X-Forwarded-For before proxying the request to proxy B which, in turn, will append Proxy A's IP address (198.51.100.101) to X-Forwarded-For before proxying the request to Cloudflare. And finally, Cloudflare will append proxy B's IP address (198.51.100.102) to X-Forwarded-For before proxying the request to the origin.
Additional information
Please make sure this matches the description.
Visitor IP address in the x-forwarded-for HTTP header
For the x-forwarded-for HTTP request header, enabling Remove visitor IP headers will only remove the visitor IP from the header value when Cloudflare receives a request proxied by at least another CDN (content delivery network). In this case, Cloudflare will only keep the IP address of the last proxy.
For example, consider an incoming request proxied by two CDNs (CDN_1 and CDN_2) before reaching the Cloudflare network. The x-forwarded-for header would be similar to the following:
x-forwarded-for: <VISITOR_IP>, <THIRD_PARTY_CDN_1_IP>, <THIRD_PARTY_CDN_2_IP>
With Remove visitor IP headers enabled, the x-forwarded-for header sent to the origin server will be:
x-forwarded-for: <THIRD_PARTY_CDN_2_IP>
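The append chain and the "keep only the last proxy" behaviour described above, modelled as an added example (not Cloudflare's code and not part of the original issue), together with what an origin that resolves the client by walking X-Forwarded-For from the right would see in each case. The function names and the trusted range 198.51.100.0/24 are assumptions made for the illustration; the addresses are the ones used in the issue.

```python
import ipaddress

# Addresses from the example in the issue (documentation ranges).
VISITOR, PROXY_A, PROXY_B = "203.0.113.1", "198.51.100.101", "198.51.100.102"


def _hops(xff):
    """Split a header value into its comma-separated entries."""
    return [h.strip() for h in xff.split(",") if h.strip()]


def build_chain(peers):
    """Each hop appends the address of the peer that connected to it."""
    xff = ""
    for peer in peers:
        xff = f"{xff},{peer}" if xff else peer
    return xff


def remove_visitor_ip(xff):
    """Model of the documented transform (assumption based on the quoted
    text): with two or more entries, only the last proxy's IP is kept."""
    hops = _hops(xff)
    return hops[-1] if len(hops) >= 2 else xff


def rightmost_untrusted(xff, trusted_nets):
    """Origin-side resolution: walk right to left, skip addresses that
    belong to proxies the origin trusts, return the first one that does not."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for hop in reversed(_hops(xff)):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: do not trust anything left of it
        if not any(addr in net for net in nets):
            return hop
    return None  # every entry was a trusted proxy: visitor not recoverable


if __name__ == "__main__":
    full = build_chain([VISITOR, PROXY_A, PROXY_B])
    stripped = remove_visitor_ip(full)
    trusted = ["198.51.100.0/24"]  # hypothetical range covering Proxy A and B
    print("without transform:", full, "->", rightmost_untrusted(full, trusted))
    print("with transform:   ", stripped, "->", rightmost_untrusted(stripped, trusted))
```

With the transform modelled this way, both the visitor's and Proxy A's addresses are gone by the time the request reaches the origin, which is the point the suggested wording change makes.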