When using Cloudflare with Magento Community Open Source 1.9.x (now forked as OpenMage), one of the first problems many people notice, when using “Proxied” DNS is that the visitor’s IP address is “incorrect”.
In fact, it’s not incorrect, the server is receiving the proxy IP address. Nevertheless, this is not very useful if we’re using IP for such things as location etc.
So how do we get the actual visitor IP address?
TLDR: Option 1 is the most appropriate and easiest. Option 2 is the server-wide solution.
Option 1: Application Wide
In app/etc/modules/local.xml.additional there is the following in config/global:
<config>
<global>
<remote_addr_headers>
<header1>HTTP_X_REAL_IP</header1>
<header2>HTTP_X_FORWARDED_FOR</header2>
</remote_addr_headers>
</global>
</config>
Copy the <remote_addr_headers></remote_addr_headers> and close app/etc/modules/local.xml.additional.
The header CloudFlare provides that contains the visitor’s actual IP is HTTP_CF_CONNECTING_IP. Therefore we need to add the following to the app/etc/modules/local.xml.
Open app/etc/modules/local.xml and add the <remote_addr_headers></remote_addr_headers> code below inside the <global></global> section as follows:
<config>
<global>
<remote_addr_headers>
<header1>HTTP_CF_CONNECTING_IP</header1>
</remote_addr_headers>
</global>
</config>
Kudos to Tall Pall for this solution.
Option 2: Server Wide
This option is preferred with a dedicated server or where sever-wide visitor IP restoration is needed.
Depending on which web server is used, Apache requires either mod_remoteip or mod_cloudflare and or Nginx cloudflare-watch.
Luckily, CloudFlare has an article on how to do this here.
Option 3: Tell CloudFlare to Restore Visitor IP
Cloudflare can be configured to pass the visitor’s IP address in the X-Forwarded-For header. Option 1 and 2 are both better than this option.