You dont want to whitelist the CDNs proxies, you want to configure your web server to process the CDNs X-Forwarded for headers so your system will see the actual attackers IP. Otherwise, if you whitelist the CDN the WAF wont do anything about an attack sent through the CDN. The better approach, also recommended by CDN providers, is to configure your webserver to see the attackers IP and not the CDNs.
Please see this article for guidance and links to vendors websites about how to do this with their CDN. You will also want to ask your CDN provider for instructions as well.
https://www.atomicorp.com/wiki/index.php/Proxy
Whitelisting CloudFlare
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Whitelisting CloudFlare
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone