Hello, I am struggling to get an acl working to reject traffic originating from servers protected by the Cloudflare network, while my servers are behind Cloudflare too …
So I allow only traffic from the Cloudflare network to HAProxy, since my server is behind Cloudflare too. This is getting me a bit muddled … comparing the CF-Connecting-IP and X-Forwarded-For headers is making a royal mess. I am able to block other proxy traffic, but how do I distinguish between “clean” proxied traffic via Cloudflare and “unwanted” server generted traffic from Cloudflare? Would any of you be able to point me in the right direction please?
