I've got my allowed list in OLS set to allow all of Cloudflare's CIDR blocks, but when I remove the "ALL" from the list and move it to deny, I get a 403 when accessing my page. This is due, I believe, to having "Use Client IP in header" set to "Trusted IP only". If I change "Use Client IP in header" to "No", then only allowing traffic from Cloudflare's ranges works, but I can't see the real client IP in my logs then, only Cloudflare's proxy IPs.
Is there a way to enforce both only allowing 443 access from Cloudflare, as well as retaining client IP for logging? I'm getting a lot of hits on 443 direct that aren't coming through Cloudflare, and I would prefer to have CF doing all my firewalling rather than me having to set up IPTABLES rules locally.
Thanks!