Nginx reverse dns with cloudflare

Question

https://www.nginx.com/resources/wiki/modules/rdns/

https://github.com/flant/nginx-http-rdns

How do you get the nginx-http-rdns module to work with cloudflare free DDoS protection? I wish to use this module to verify search engine bots (issue #10 has ways to verify bots). But it is unknown how to make this module work with cloudflare DDoS (issue #19 - has a stackoverflow example). Can anyone help? Or maybe there is a way to do it without this module?

Example: https://stackoverflow.com/questions/62445810/nginx-http-rdns-with-cloudflare

Answer 1

You would use the realip module to substitute the client's IP address for CloudFlare's addresses. This happens in the first phase of processing, before anything else is done. The RDNS module would then work normally and see the client's IP address rather than CloudFlare's.

An example configuration (the IP ranges might be out of date; I need to check on that):

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;