Consider i DON'T know this cloudflare.
From what i can read from the documentation, they support the "X-Forwarded-For" field, and so does HFS.
For security reasons HFS by default accepts this field only if coming from the same computer (127.0.0.1).
THEN: if cloudflare works locally on your computer, then it should automatically work with HFS.
If cloudflare service is connecting to your computer over the net, then it is not working and you need to do this:
1. menu > save options > to file
you now have a hfs.ini file
2. edit hfs.ini and search for the line starting with "forwarded-mask="
3. now you should add the allowed addresses, all separated by semicolon ";" like
forwarded-mask=127.0.0.1;192.168.3.*;192.168.5.*
this last part is slightly complicated because you may not know what addresses to add.
My advice is to start with
forwarded-mask=127.0.0.1;*
just for testing. This should work, but it's very unsecure, so DON'T KEEP IT for long.
If this doesn't work it's useless to go on, as it should give permission to ALL addresses.
If it is working, then you should enter all the addresses to allow.
I guess, from the documentation, that these addressess are listed at
https://support.cloudflare.com/hc/en-us/articles/200170826-How-do-I-restore-original-visitor-IP-with-Lighttpd-but the syntax is not the same used by HFS.
If you are not an expert and don't know how to do, you can make it simple by replacing all those addresses like in this example:
This address 199.27.128.0/21
will become 199.27.*
i just removed last 3 numbers, as you can see.
Do the same with the others, and remember to separated them with ;
you have to manually edit HFS options to