In my use case, woocommerce in WP, I have WordFence security plugin, and it has a selection to choose which header to pull ip address from. Since I used cloudflare, I selected the appropriate checkbox, and the IPs were properly posting.

So, hopefully you are able to check on which header your requests are being hit with.

Other comments already mentioned it, but that’s to figure out with your anti-ddos/reverse proxy headers setup