In version 5.51, we have added a new rule set in WAF called “Proxy IP Check”, which is a Layer 7 extension of our IPDB distributed firewall. The limitation of the IPDB system firewall is that it operates at Layer 3 and thus cannot detect the real IP address of the visitor when that address is embedded in an HTTP header. This normally happens when a proxy like CloudFlare is placed in front of the actual web server. The IPDB distributed firewall then cannot block the attacks, because at Layer 3 all such traffic appears to come from the proxy server. This limitation is not specific to IPDB; it applies to all system-level firewalls.
We have noticed that a large number of attacks from known bad IPs bypass the firewall through proxies like CloudFlare, and thus we introduced the new rule set. When you enable the “Proxy IP Check” rule set, the client IP embedded in any of the following headers will be detected:
X-Forwarded-For
X-Real-IP
CF-Connecting-IP
True-Client-IP
X-Client-IP
Forwarded
X-Cluster-Client-IP
Fastly-Client-IP
REMOTE_ADDR
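
The Layer 7 check described above, as an added sketch that is not the product's own rule code: it collects the client address claimed at Layer 3 and in each listed header, then compares every one with a blocklist. The function names, sample addresses and blocklist range are assumptions made up for this example, and it goes slightly beyond the text by parsing the list form of X-Forwarded-For and the `for=` parameter of Forwarded.

```python
import ipaddress
import re

# Headers listed on this page, lower-cased. REMOTE_ADDR is the Layer 3 peer, passed separately.
SINGLE_VALUE = ("x-real-ip", "cf-connecting-ip", "true-client-ip", "x-client-ip",
                "x-cluster-client-ip", "fastly-client-ip")
FOR_PARAM = re.compile(r'\bfor\s*=\s*"?(\[[^\]]+\]|[^;,"\s]+)', re.I)


def _to_ip(token):
    """Return a parsed IP for one header token, or None if it is not an address."""
    token = token.strip().strip('"')
    if token.startswith("["):                  # bracketed IPv6 with port: [2001:db8::7]:443
        token = token[1:token.find("]")]
    elif token.count(":") == 1:                # IPv4 with port: 203.0.113.7:8080
        token = token.split(":")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None                            # "unknown", obfuscated identifiers, junk


def candidate_ips(remote_addr, headers):
    """Collect every syntactically valid client IP claimed at Layer 3 or in the headers."""
    h = {k.lower(): v for k, v in headers.items()}
    tokens = [remote_addr] + [h[n] for n in SINGLE_VALUE if n in h]
    tokens += h.get("x-forwarded-for", "").split(",")     # comma-separated hop list
    tokens += FOR_PARAM.findall(h.get("forwarded", ""))   # for= parameters
    ips = []
    for t in tokens:
        ip = _to_ip(t)
        if ip is not None and ip not in ips:
            ips.append(ip)
    return ips


def should_block(remote_addr, headers, bad_networks):
    """Block when any claimed address falls inside a listed network."""
    nets = [ipaddress.ip_network(n) for n in bad_networks]
    return any(ip in net for ip in candidate_ips(remote_addr, headers) for net in nets)


if __name__ == "__main__":
    # Constructed sample: the Layer 3 peer is the proxy, the visitor appears only in the header.
    hdrs = {"CF-Connecting-IP": "203.0.113.66"}
    print(should_block("192.0.2.10", hdrs, ["203.0.113.64/29"]))
```

These headers are client-supplied unless the proxy overwrites them, so matching every claimed address is a conservative choice for a blocklist only; the same logic must not be used to allowlist a request.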