How Can We Help?
< All Topics
Print

What is Proxy IP Check in WAF

In version 5.51, we have added a new rules set in WAF called “Proxy IP Check”, which is actually a Layer 7 extension of our IPDB distributed firewall. The limitation of IPDB system firewall is that it operates in Layer 3 and thus it cannot detect the real IP address of the visitor if it is embedded in the HTTP header. This normally happens when there is  a proxy like CloudFlare is placed in front of the actual web server. So IPDB distributed firewall cannot block attacks as in Layer 3, all such traffic is coming from the proxy server. This limitation is not just with IPDB, but with all system-level firewalls.

We have noticed that the large number of attacks from known bad IPs are bypassed through proxies like CloudFlare and thus we introduced the new rules set. When you enable “Proxy IP Check” rules set, following requests will filter through it.

  • Requests with X-Forwarded-For in the header
  • Requests with X-Real-IP in the header
  • Requests with CF-Connecting-IP in the header

With all such requests, we run IPDB block check against the real IP address of the visitor and deny access to the website resources if it is blocked in IPDB. The CloudFlare IP is still unaffected , not blocked and can access all resources without any restriction. 

 

Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
5
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents