maxlerebourg / crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection

[Question] forwardedHeadersTrustedIPs

lordraiden opened this issue

If I configure in the plugin the forwardedHeadersTrustedIPs variable with the Cloudflare IPs, do I need to use this plugin?
https://plugins.traefik.io/plugins/62e97498e2bf06d4675b9443/real-ip-from-cloudflare-proxy-tunnel

If I use the Cloudflare proxy plugin, do I have to configure forwardedHeadersTrustedIPs? Or do I need to configure both?

On the other hand, what should be the correct value for "forwardedHeadersCustomName: X-Forwarded-For" if this is my headers configuration?

    # Security headers
    securityHeaders:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          server: ""
          X-Forwarded-Proto: "https"
        sslProxyHeaders:
          X-Forwarded-Proto: "https"
        referrerPolicy: "strict-origin-when-cross-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"

Thanks in advance.

Hello @lordraiden,

I have partially documented this part here: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/exemples/behind-proxy/README.md

Crowdsec needs to know the real IP in order to make decisions and bans. So the plugin must read the request, parse it and send it correctly to crowdsec.

For that, if the request comes from another proxy which shares the initial IP or list of IPs, you need to tell the plugin to trust this IP or list of IPs.

You need to specify the list of trusted IPs in the setting: ForwardedHeadersTrustedIPs

If your header containing the original IP is the common X-Forwarded-For, this will work directly as it is the default.

But if the header is custom, for instance the IP "list" is present in OtherHeaderContainingIP then you need to tell the plugin with the setting ForwardedHeadersCustomName: "OtherHeaderContainingIP".

Please let me know if that worked for you or if you need more information,

Best Regards,
Mathieu
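
The trust decision described in the answer above, as an added Go example that is not part of the thread and not the plugin's own code. It shows the general trusted-proxy technique: the forwarded header is read only when the connecting peer is in the trusted list, and the list is walked from the right so that client-supplied entries on the left are ignored. The helper names `trustedNets`, `inNets` and `clientIP` and all addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// trustedNets parses CIDRs playing the role of forwardedHeadersTrustedIPs (bad entries are skipped).
func trustedNets(cidrs ...string) (nets []*net.IPNet) {
	for _, c := range cidrs {
		if _, n, err := net.ParseCIDR(c); err == nil {
			nets = append(nets, n)
		}
	}
	return nets
}

func inNets(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP (hypothetical helper) picks the address a ban decision should use.
func clientIP(remoteAddr, forwarded string, trusted []*net.IPNet) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	if peer := net.ParseIP(host); peer == nil || !inNets(peer, trusted) {
		return host // untrusted peer: the header may be forged, ignore it
	}
	parts := strings.Split(forwarded, ",")
	for i := len(parts) - 1; i >= 0; i-- { // right to left: our proxies append on the right
		if ip := net.ParseIP(strings.TrimSpace(parts[i])); ip != nil && !inNets(ip, trusted) {
			return ip.String()
		}
	}
	return host // header empty or only trusted hops: fall back to the peer
}

func main() {
	trusted := trustedNets("10.0.0.0/8") // constructed proxy range
	fmt.Println(clientIP("10.0.0.5:4711", "198.51.100.1, 203.0.113.7, 10.0.0.9", trusted))
}
```

With a custom header, the same logic applies to that header's value instead of X-Forwarded-For.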

Thanks, I will test.