How Can We Help?
-
Getting Started
-
App Portal
-
Features
-
cPGuard Lite
-
Command line
-
User plugin
- Articles coming soon
-
FAQs
- Reissue license
- Notify users on outdated CMS
- Restore a file
- Blacklist a file
- Whitelist files
- Start manual files scan
- Exclude domain from bot attack and captcha check
- SRBL - Whitelist domain or sender IP Address
- Enable Ioncube in cPanel PHP
- Grant server access to support
- How to fix the agent error in App Portal
- Whitelist a WAF rule ID
- Run a hook script after file detection
- Whitelist a user in the scanner engine
- What is inotify watch and how will it affects server performance
- Migrate license to a new server or IP Address
- Tagging Servers
- How to install cPGuard Standalone
- How do we calculate the number of users on a server
- Add additional directories to automatic scan list
- cPGuard WAF required settings and depencies
- So many cpguard-job-logs::fetchlogs processes running
- Install ModSecurity with Nginx on CentOS/RockyLinux/AlmaLinux
- How to install latest ModSecurity 2.9.7 with Apache - Install ModSecurity 2.9.7 with Apache
- How to whitelist an IP address
- How to report a file?
- Block PHP script upload using cPGuard WAF
- cPGuard License abuse is detected
- Webuzo Security using cPGuard - Webuzo Antivirus - Webuzo Antimalware
- Block countries from accessing your websites and server
- Import and export cPGuard configuration
- Customising/Branding the email Templates (user emails)
- Show all articles ( 17 ) Collapse Articles
-
General
- Migrating cPGuard V3 to V4
- Uninstalling cPGuard
- Overriding WordPress cron job
- Install ModSecurity with Nginx on Debian/Ubuntu
- How do we calculate the number of users on a server
- How to install latest ModSecurity 2.9.7 with Apache - Install ModSecurity 2.9.7 with Apache
- Bulk Action - Run an action against multiple servers
- How to whitelist an IP address
- How to report a file?
- Block PHP script upload using cPGuard WAF
- cPGuard License abuse is detected
- Request body excluding files is bigger than the maximum - Request body no files data length is larger than the configured limit
- Block countries from accessing your websites and server
- Import and export cPGuard configuration
- IPDB Error ::(nf_tables): table `filter' is incompatible, use 'nft' tool
-
Change Logs
-
Standalone
- cPGuard Standalone Configuration
- How to modify standalone configuration file cpguard.ini
- How to install cPGuard Standalone
- How to secure the websites on a Webmin/Virtualmin server using cPGuard
- Install ModSecurity with Nginx on Debian/Ubuntu
- Secure websites on Control Web Panel / CWP Server
- Installing cPGuard on Enhance panel
- How to install latest ModSecurity 2.9.7 with Apache - Install ModSecurity 2.9.7 with Apache
- Secure websites on Interworx Control Panel
-
Standalone Panels
-
WAF
- cPGuard WAF required settings and depencies
- Install ModSecurity with Nginx on Debian/Ubuntu
- Whitelist a WAF rule ID
- WAF Integration
- Web Application Firewall
- Install ModSecurity with Nginx on CentOS/RockyLinux/AlmaLinux
- How to install latest ModSecurity 2.9.7 with Apache - Install ModSecurity 2.9.7 with Apache
- Block PHP script upload using cPGuard WAF
- Request body excluding files is bigger than the maximum - Request body no files data length is larger than the configured limit
- What is Proxy IP Check in WAF
- Debug WAF blocking
< All Topics
Print
What is Proxy IP Check in WAF
UpdatedJune 11, 2025
BySupport
0 out of 5 stars
| 5 Stars | 0% | |
| 4 Stars | 0% | |
| 3 Stars | 0% | |
| 2 Stars | 0% | |
| 1 Stars | 0% |
In version 5.51, we have added a new rules set in WAF called “Proxy IP Check”, which is actually a Layer 7 extension of our IPDB distributed firewall. The limitation of IPDB system firewall is that it operates in Layer 3 and thus it cannot detect the real IP address of the visitor if it is embedded in the HTTP header. This normally happens when there is a proxy like CloudFlare is placed in front of the actual web server. So IPDB distributed firewall cannot block attacks as in Layer 3, all such traffic is coming from the proxy server. This limitation is not just with IPDB, but with all system-level firewalls.
We have noticed that the large number of attacks from known bad IPs are bypassed through proxies like CloudFlare and thus we introduced the new rules set. When you enable “Proxy IP Check” rules set, the client IP embedded using the following header will be detected.
X-Forwarded-ForX-Real-IPCF-Connecting-IPTrue-Client-IPX-Client-IPForwardedX-Cluster-Client-IPFastly-Client-IPREMOTE_ADDR
With all such requests, we run block check against the real IP address of the visitor and deny access to the website resources if it is blocked in IPDB or local block list. The CloudFlare IP is still unaffected , not blocked and can access all resources without any restriction.
Was this article helpful?
0 out of 5 stars
| 5 Stars | 0% | |
| 4 Stars | 0% | |
| 3 Stars | 0% | |
| 2 Stars | 0% | |
| 1 Stars | 0% |
5
Table of Contents