TYK Gateway with Cloudflare CF-connecting-IP

Hello, i have TYK project without dashboard and i wanna protect my specific API with IP whitelisting… but there is a problem with original IP address.

My Gateway is protected by cloudflare so the IP in remote addr is cloudflare ip but no original IP from the client.

Can you please help me how can i tell TYK to use ip from CF-connecting-IP header instead of remote addr?

Thank you very much for your help.

@Dominik_Vondra Hello and welcome to the community

Based on what is documented about CF-Connecting-IP and the Tyk middleware Execution order you could use a Pre-middleware (plugin) to copy the IP from the CF header to the origin header before the whitelist triggers.

This is just a suggestion, so I haven’t tested this