Combine ip address on web access log

Hi is there any way to protect from hacker combine ip address . for example i create rule to allow only selected ip address . my ip are suppose to 198.192.121.11
but hacker hacked ip and access too . in my web server access logs i saw hacker ip address recorded like 198.192.121.11,202.201.21.21

means hacker attacked own ip with already white listed ip . what is this case can some one help me to understand and guide me how to protect my domain from this types of hackers .

Thanks

Greetings,

Thank you for asking.

Are you using Apache web server?

It might depend on the web server configuration as far as you can combine the output to the log files as you want :thinking:

For example, you could have your web server configured to log the client IP and some other headers like X-Forwarded-For, which would result seeing a “combined IP” separated by the comma , string or some other kind of type.

Are these maybe the crawlers or bots? Did you analyze your web traffic?
Are the naked domain and www DNS records proxied? (:orange: cloud)
Bypassing, does this mean like comming directly to your server IP address?

How about starting with the below:

Useful #tutorials for Firewall here:

Nevertheless, depending on the attack type and using Cloudflare security options like Firewall Rules, etc., consider blocking some of the known “bad user-agents”, “crawlers” or “bad ASNs” using below posts:

Make sure to protect your admin / login page, if you have one. We can use Cloudflare Access / Zero Trust (Teams):

Last but not the least, kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.