shlogg · Early preview
Carrie @carrie_luo1

SafeLine WAF: Troubleshooting Attack IPs With X-Forwarded-For Header

SafeLine WAF displays problematic IPs due to proxy devices in network topology. Use X-Forwarded-For header to obtain real client IP or adjust SafeLine configuration accordingly.

SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits.
We often get feedback from users that the IP shown in the SafeLine attack logs is problematic.
Here, I will explain why there might be issues with the attack IP displayed in SafeLine in some situations.

  
  
  Problem Description


By default, SafeLine reads the client IP through the Socket of the HTTP connection. When SafeLine is the outermost network device, there is no problem, and the IP obtained by SafeLine is the real IP of the attacker.
However, in some cases, we need to add oth...
Read the full article