mod security – ModSecurity CoreRuleSet blocks cloudflare ip instead of attacker

so I just finished setting up my new webserver with nginx 1.19.8 and modsecurity. Now I have found coreruleset and configured everything as I wanted. But I started testing the modsecurity anti dos feature and saw that it was blocking the cloudflare ip, instead of the real ip.

Does anyone have an idea why and do you have the same issue?

Best regards