Problem DNS record in Moodle IP appears.
I have a DNS record (a subdomain) pointing to the public IP address of an EC2 instance (AWS machine) that hosts my Moodle application server.
I've observed the following behavior when the proxy feature of the DNS record (Cloudflare proxy) is active:
Incoming IP Address: The application server logs show the incoming IP address as belonging to Cloudflare and not the real client IP address.
Moodle Login Issue: The Moodle platform seems to be incorrectly handling the session. Because the client IP address (seen by Moodle) constantly changes (even if the IPs are all from the Cloudflare range), Moodle interprets this change as a security risk and blocks the login attempt.
Troubleshooting & Hypothesis
Test on AWS (Direct Access): We created a new subdomain hosted directly on AWS (without the Cloudflare proxy), and Moodle works flawlessly.
Conclusion: This confirms that the issue is related to a misconfiguration or specific behavior of Cloudflare's proxy.
The Question
Has anyone encountered this specific behavior before?
2 Replies
Cloudflare Docs
Restoring original visitor IPs
When your website traffic is routed through the Cloudflare network, we act as a reverse proxy. This allows Cloudflare to speed up page load time by routing packets more efficiently and caching static resources (images, JavaScript, CSS, etc.). As a result, when responding to requests and logging them, your origin server returns a Cloudflare IP ad...
Realizado este procedimentos
sudo a2enmod remoteip
/etc/apache2/conf-available/remoteip.conf
inclusão
RemoteIPHeader CF-Connecting-IP# Cloudflare IPv4RemoteIPTrustedProxy 173.245.48.0/20RemoteIPTrustedProxy 103.21.244.0/22RemoteIPTrustedProxy 103.22.200.0/22RemoteIPTrustedProxy 103.31.4.0/22RemoteIPTrustedProxy 141.101.64.0/18RemoteIPTrustedProxy 108.162.192.0/18RemoteIPTrustedProxy 190.93.240.0/20RemoteIPTrustedProxy 188.114.96.0/20RemoteIPTrustedProxy 197.234.240.0/22RemoteIPTrustedProxy 198.41.128.0/17RemoteIPTrustedProxy 162.158.0.0/15RemoteIPTrustedProxy 104.16.0.0/13RemoteIPTrustedProxy 104.24.0.0/14RemoteIPTrustedProxy 172.64.0.0/13RemoteIPTrustedProxy 131.0.72.0/22# Cloudflare IPv6RemoteIPTrustedProxy 2400:cb00::/32RemoteIPTrustedProxy 2606:4700::/32RemoteIPTrustedProxy 2803:f800::/32RemoteIPTrustedProxy 2405:b500::/32RemoteIPTrustedProxy 2405:8100::/32RemoteIPTrustedProxy 2a06:98c0::/29RemoteIPTrustedProxy 2c0f:f248::/32
/etc/apache2/sites-available/000-default.conf
inclusão
RemoteIPHeader CF-Connecting-IP
Alteração configuração do apache.conf
sudo sed -i 's/LogFormat "%h /LogFormat "%a /g' /etc/apache2/apache2.conf
sudo a2enconf remoteip
sudo systemctl restart apache2
Foi identificado pelos logs que os IPs que estavam aparecendo eram IPs reais dos usuários, porém as sessões não estavam funcionando corretamente.
Pelo testes aqui com e sem proxy da cloudfire, não funcionaram as sessões corretamente.