forums.smartfoxserver.com

Lapo wrote:@dashanddot

its security option - we can use proxy before cf, and we want to know ip of proxy and ip of user
i ask fo feature modify ip adress too

Can you clarify why you need both?
Also, why would the client be able to specify an arbitrary IP address (even one that he's not using)? That sounds like a security flaw rather than a security measure. It would be a very convenient way for a User to defeat the banning system and the IP filter at the same time.

Thanks

Cloudflare is not proxy - its ddos protection - so we need to ban real ip - for example VPN or proxy used for cheating - we dont interested in fake ip shown in x-forwarded-for

The last post in this thread is almost 1 year old, I think I've lost track of what the problem is.

Cloudflare is not proxy - its ddos protection

Yes, that's always been clear.
Also, edge servers in front of your origin servers are commonly referred to as reverse proxies.

so we need to ban real ip - for example VPN or proxy used for cheating - we dont interested in fake ip shown in x-forwarded-for

Sure, it makes sense. But if you're blocking entire VPN addresses then you're likely to also block a number of legitimate players.
Wouldn't it be best to ban cheaters by their user name?
Another problem is cheaters using dynamic IP addresses.

In any case, what we can do is adding a specific cloudflare header support that can be activated manually in the server config.
If your server is behind CF you can switch it on and SFS2X will detect the CF-Connecting-IP instead of x-forwarded-for.

Would that help?