I'm running a cPanel server that sits behind CloudFlare. I've been using csf for a while on another cPanel server and found it incredibly useful, but it's next to useless when all traffic is coming from a small range of already-known IPs. A script like Flarewall is a good start, but still requires csf to know the correct IP to block. Is there a way to get csf to pick up on X-Forwarded-For or CF-Connecting-IP headers, and make decisions based off those? Combined with Flarewall, this would be a killer feature.
I've looked through the settings and there doesn't seem to be a feature like this, but if anyone knows a way I could possibly "fake" it, I'm open to suggestions and willing to tinker.
Detect real IP when behind a proxy such as CloudFlare
-
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: Detect real IP when behind a proxy such as CloudFlare
There is no functionality in iptables to do that.