[scrollaway]

Cloudflare is a reverse proxy so all requests would be coming from cloudflare. Did the author look at the x-forwarded-for IPs?

[mixologic]

It really depends on whether all traffic from cloudflare IP's or just the most frequent ones. If the former, then they have configured nginx wrong and are logging the wrong source ip.

[scrollaway]

I don't see evidence they aren't logging the wrong source IP (which is the default format with nginx, which the author is using).

These are extraordinary claims, which require extraordinary evidence.

[donmcronald]

Typically when you're using Cloudflare you configure your origin firewall to drop traffic that doesn't come from Cloudflare [1]. What would be the point of using Cloudflare if you also accept traffic that bypasses Cloudflare? How would you even set up the DNS for that?

1. https://www.cloudflare.com/ips/