Re: Whitelisting CloudFlare
Posted: Mon Mar 02, 2015 10:53 am
You dont want to whitelist the CDNs proxies, you want to configure your web server to process the CDNs X-Forwarded for headers so your system will see the actual attackers IP. Otherwise, if you whitelist the CDN the WAF wont do anything about an attack sent through the CDN. The better approach, also recommended by CDN providers, is to configure your webserver to see the attackers IP and not the CDNs.
Please see this article for guidance and links to vendors websites about how to do this with their CDN. You will also want to ask your CDN provider for instructions as well.
https://www.atomicorp.com/wiki/index.php/Proxy
Please see this article for guidance and links to vendors websites about how to do this with their CDN. You will also want to ask your CDN provider for instructions as well.
https://www.atomicorp.com/wiki/index.php/Proxy