On one of the sites I’m using free Cloudflare WAF rules, and it’s helping me block fake registrations on the site. I’ve managed to solve most of the spam registrations by blocking any post requests from country other than US (The site is for an event in the US).
However, I noticed that a lot of fake registrations (not bot traffic) still go through because the human spammers behind those registrations are using a VPN/Proxy and spoofing themselves as US visitors. Now, X-Forwarded-for shows the IP address of those users, however - WAF rules aren’t utilizing the real IP instead they are using the proxy ip.
Is there a way I can block the real IP’s through the country block or a way to block the post requests from the users who are behind a proxy or vpn?
X-Forwarded-For isn’t the “real IP” of the user, it’s a header that claims to be the real IP of the user. It could actually be anything which is why Cloudflare doesn’t base any decisions on it as it could be used to bypass rules very easily.
There is an “X-Forwarded-For” field in the WAF where you can match IPs that may be specified in that header, but it’s not really what you are asking for.
So, is there a way we can block post requests when a user is behind vpn/proxy or is there any recommendation because x-forwarded-for field expects an IP and I don’t want to block with IP - rather I want to block all post requests when x-forwarded-for has multiple IPs.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.