This is almost the same request as found here:https://features.cpanel.net/topic/have-option-for-cphulkd-to-action-on-x-forwarded-for
Although that request does handle situations outside of CloudFlare. If needed, please merge this request into the original and include the more generic portions of the request so that the feature is not limited to just CloudFlare.
The following feature request is so broad that this feature request might be contained within it:https://features.cpanel.net/topic/built-in-load-balancing-replication-high-availability
Although I believe that feature request is for native cPanel load balancing rather than integration with third party load balancers such as CloudFlare, HAProxy, etc etc.
As a cPanel Systems Administrator
I want the ability to place a cPanel server behind a set of load balancers, but still maintain the ability to use cPHulk.
cPhulk is a valuable part of the cPanel product that I do not want to give up in order to use my set of third party load balancers.
Currently, cPHulk is not capable of trusting the X-Forwarded-For header, and for good reason. The X-Forwarded-For header can be easily spoofed. This makes it so that if I have cPHulk enabled, and a brute force attack happens, cPHulk will see my load balancers as the source of the attack and block them. This results in all services being completely down in the event of a firewall block from cPHulk.
This new feature would include the ability to specify a list of trusted request IP addreses.
This list would contain the IP addresses of the load balancers in my network.
If a request contains the X-Forwarded-For header, and it comes from one of these trusted IP addresses, cPHulk should trust and make use of the X-Forwarded-For header to determine the true source of the request.