Detailed description of the problem

I am using fail2ban to monitor access logs via this method, I posted what I'm trying to do on reddit:
https://www.reddit.com/r/selfhosted/comments/cnf78f/fail2ban_monitor_access_logs_inside_mariadb/

This works, however, I have my IP hidden behind cloudflare to mask my IP address from the world. The Lychee container that I'm using will put the cloudflare IP into the access log, not the visitor's original IP. Thus if I have fail2ban ban it, I am banning cloudflare not the original visitor.

I assume that the forwarded header contains the visitor's original IP along with the CF IP as Traefik, the container that controls access to Lychee, is correctly logging the visitor's original IP. I also assume that Lychee just doesn't know to look at the header differently for the visitor's original IP vs the cloudflare IP.

Is it possible to get Lychee to log the visitor's original IP instead of the cloudflare IP so that I can accurately ban the offending visitor and not ban cloudflare (which would effectively be a DoS for me)? Thank you

https://github.com/LycheeOrg/Lychee/blob/master/php/Modules/Session.php#L102 and L109 are the place to look. It looks like you need the X-Forwarded-For header. I'd look into adding this but I don't use Cloudflare and this version of Lychee is no longer active development. Hopefully we'll be releasing Version 4 soon.

Thank you very much for the help! I wasn't able to get X-Forwarded-For to work, but I was able to get the following to work:

($_SERVER['HTTP_CF_CONNECTING_IP'] ?? $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']));

How can I request that this be put into Version 4? Thanks!

Thank you very much for the help! I wasn't able to get X-Forwarded-For to work, but I was able to get the following to work:

($_SERVER['HTTP_CF_CONNECTING_IP'] ?? $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']));

Thanks for the tip :)

How can I request that this be put into Version 4? Thanks!

Done :)

Awesome, thanks! :-D

no longer live. :)