We finally solved our problems completely.
In the beginning, we were a little confused by the reports of some users (e.g.,
this one) that XenForo and Cloudflare were working for them out of the box. This was further
confirmed by the developers themselves, albeit conditionally. Unfortunately, it was not working well for us: we would see Cloudflare IP addresses on our websites instead of original visitors’, would not be able to install some add-ons, and would frequently be logged out of the ACP.
The first thing we did, following the instructions in
“Restoring original visitor IPs,” was we asked our ISP to install
mod_remoteip on our Apache server. It improved the situation, although it did not solve it completely. There were still some non-original IP addresses in our logs and we would get abrupt sign-outs from the ACP.
We quickly discovered that
mod_remoteip only returns the original visitor IPs that pass through Cloudflare. That is to say, if one has
Railgun enabled (see
Cloudflare account > Website > Speed > Optimization > Railgun), the original IPs passing through the Railgun servers will not be restored. And we do have
Railgun enabled.
We then took aditional measures to restore original visitor IPs also from
Railgun (there is a section specifically on
Railgun in
“Restoring original visitor IPs”). That resulted in further improvement; however, the situation was still not perfect. We would still get some
Railgun IPs instead of the original visitors’. We kept bugging our ISP about this.
After several e-mail exchanges they admitted they had made a mistake of adding
one of their Railgun servers to Apache configuration, but forgot to add the other one. (We have two websites, one being assigned in Cloudflare to one Railgun server, and the other to another.) As soon as they added the missing Railgun server to Apache configuration, all our issues were completely fixed.
Hope this helps someone in a similar situation.
