Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
ASP.NET Core middleware for CloudFlare Connecting IP support
using System;
using Microsoft.Extensions.Options;
using Microsoft.AspNetCore.HttpOverrides;
using Lib.AspNetCore.CloudFlareConnectingIp;
namespace Microsoft.AspNetCore.Builder
{
public static class CloudFlareConnectingIpExtensions
{
public static IApplicationBuilder UseCloudFlareConnectingIp(this IApplicationBuilder app)
{
return app.UseCloudFlareConnectingIp(alse);
}
public static IApplicationBuilder UseCloudFlareConnectingIp(this IApplicationBuilder app, bool checkOriginatesFromCloudflare)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
if (checkOriginatesFromCloudflare)
{
app.UseMiddleware<CloudFlareConnectingIpMiddleware>();
}
else
{
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedForHeaderName = CloudFlareConnectingIpMiddleware.CLOUDFLARE_CONNECTING_IP_HEADER_NAME,
ForwardedHeaders = ForwardedHeaders.XForwardedFor
});
}
return app;
}
}
}
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using NetTools;
namespace Lib.AspNetCore.CloudFlareConnectingIp
{
internal class CloudFlareConnectingIpMiddleware
{
public const string CLOUDFLARE_CONNECTING_IP_HEADER_NAME = "CF_CONNECTING_IP";
private static readonly IPAddressRange[] _cloudFlareIpAddressRanges = new IPAddressRange[]
{
IPAddressRange.Parse("103.21.244.0/22"),
IPAddressRange.Parse("103.22.200.0/22"),
IPAddressRange.Parse("103.31.4.0/22"),
IPAddressRange.Parse("104.16.0.0/12"),
IPAddressRange.Parse("108.162.192.0/18"),
IPAddressRange.Parse("131.0.72.0/22"),
IPAddressRange.Parse("141.101.64.0/18"),
IPAddressRange.Parse("162.158.0.0/15"),
IPAddressRange.Parse("172.64.0.0/13"),
IPAddressRange.Parse("173.245.48.0/20"),
IPAddressRange.Parse("188.114.96.0/20"),
IPAddressRange.Parse("190.93.240.0/20"),
IPAddressRange.Parse("197.234.240.0/22"),
IPAddressRange.Parse("198.41.128.0/17"),
IPAddressRange.Parse("2400:cb00::/32"),
IPAddressRange.Parse("2405:8100::/32"),
IPAddressRange.Parse("2405:b500::/32"),
IPAddressRange.Parse("2606:4700::/32"),
IPAddressRange.Parse("2803:f800::/32"),
IPAddressRange.Parse("2c0f:f248::/32"),
IPAddressRange.Parse("2a06:98c0::/29")
};
private readonly RequestDelegate _next;
private readonly ForwardedHeadersMiddleware _forwardedHeadersMiddleware;
public CloudFlareConnectingIpMiddleware(RequestDelegate next, ILoggerFactory loggerFactory)
{
_next = next ?? throw new ArgumentNullException(nameof(next));
_forwardedHeadersMiddleware = new ForwardedHeadersMiddleware(next, loggerFactory, Options.Create(new ForwardedHeadersOptions
{
ForwardedForHeaderName = CLOUDFLARE_CONNECTING_IP_HEADER_NAME,
ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedFor
}));
}
public Task Invoke(HttpContext context)
{
if (context.Request.Headers.ContainsKey(CLOUDFLARE_CONNECTING_IP_HEADER_NAME) && IsCloudFlareIp(context.Connection.RemoteIpAddress))
{
return _forwardedHeadersMiddleware.Invoke(context);
}
return _next(context);
}
private bool IsCloudFlareIp(IPAddress ipadress)
{
bool isCloudFlareIp = false;
for (int i = 0; i < _cloudFlareIpAddressRanges.Length; i++)
{
isCloudFlareIp = _cloudFlareIpAddressRanges[i].Contains(ipadress);
if (isCloudFlareIp)
{
break;
}
}
return isCloudFlareIp;
}
}
}
@tpeczek

This comment has been minimized.

@Trojaner

This comment has been minimized.

Copy link

commented Jun 1, 2019

You should get the Cloudflare IPs dynamically via their API instead of hardcoding them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.