Because visitor traffic always comes through Clonable's servers, it appears to your own server that the visitors have the IP address of the server handling the request. This can be problematic for a WAF (Web Application Firewall) or other functions that check the visitor's IP address.
Therefore, Clonable sends the real IP address of the visitor in two different headers:
X-Fowarded-For. You can use these headers in the configuration of your web server or application. You can then add the IP addresses of our servers to the list of trusted servers. For example, in NGINX you can do this with the ngx_http_realip_module, in Apache with the mod_remoteip and in Laravel applications you can add our IP addresses to the trusted proxies. Many other web servers and applications have similar settings.
Taking over the visitor's IP address in your WAF is a better option than whitelisting our servers. This way you can continue to use your security rules as usual without blocking our servers and making your clone unreachable.