Detailed Information in Firewall Events


The firewall events view does not provide enough information to determine if the firewall is working properly.

It should include the hostname, headers, and request size information.


In general it will show the hostname as the “host” field:

In terms of headers and request size, you can go to the event and click “export to raw” which will give you the raw host header, user_agent header, cookie, and uri. Getting the Request Size information would require an enterprise plan and usage of Cloudflare’s raw logs feature.


I’m looking for the request hostname, not the domain hostname.

Is it a user from or a computer from


Not something that Cloudflare provides - you would need to reverse DNS the IP yourself via code or bash yourself, as cloudflare doesn’t automatically do this:

$ host domain name pointer
$ php -r "echo gethostbyaddr('');"


Of course Cloudflare doesn’t provide this, that’s why I made this feature request.

I don’t understand why you are treating me like I’ve opened a support ticket to get a host from an IP address, when this is a feature request.

You could of just said that Cloudflare will not implement this feature, but you instead want to teach me how to get a hostname from an IP.

I will never post on this forum again and I apologize for inconveniencing you.


Sorry, my mistake. The vast majority of posts on this forum are support requests and I skipped over the “Product Requests” tag, making me think this was another request asking about how to get the IP’s hostname directly from Cloudflare.

I agree that having this info easy to view in the firewall event log would make it easier to figure out the origin of requests and +1 this product request.