Detailed Information in Firewall Events


#1

The firewall events view does not provide enough information to determine if the firewall is working properly.

It should include the hostname, headers, and request size information.


#2

In general it will show the hostname as the “host” field:

In terms of headers and request size, you can go to the event and click “export to raw” which will give you the raw host header, user_agent header, cookie, and uri. Getting the Request Size information would require an enterprise plan and usage of Cloudflare’s raw logs feature.


#3

I’m looking for the request hostname, not the domain hostname.

Is it a user from att.net or a computer from ec2-123-456-789.compute-1.amazonaws.com?


#4

Not something that Cloudflare provides - you would need to reverse DNS the IP yourself via code or bash, as Cloudflare doesn’t automatically do this:

$ host 93.158.161.98
98.161.158.93.in-addr.arpa domain name pointer 93-158-161-98.spider.yandex.com.
$ php -r "echo gethostbyaddr('93.158.161.98');"
93-158-161-98.spider.yandex.com
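
Added example, not part of the thread and not Cloudflare code: enriching exported firewall events with the client's reverse-DNS name, and confirming that name with a forward lookup because the PTR record is controlled by whoever owns the address block. The event field names (`client_ip`, `host`, `uri`), the sample events and the sample DNS answers are constructed assumptions.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    """Live reverse (PTR) lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Live forward (A/AAAA) lookup; empty list when the name does not resolve."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def client_hostname(ip, reverse=ptr_lookup, forward=forward_lookup):
    """Return the PTR name for ip and whether that name resolves back to ip."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    name = reverse(str(addr))
    if not name:
        return {"client_hostname": None, "ptr_confirmed": False}
    name = name.rstrip(".").lower()
    # Only treat the name as verified if it resolves back to the same address.
    back = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
    return {"client_hostname": name, "ptr_confirmed": addr in back}

def enrich(events, reverse=ptr_lookup, forward=forward_lookup):
    """Add client_hostname / ptr_confirmed to each event, one lookup per IP."""
    cache, out = {}, []
    for ev in events:
        ip = ev["client_ip"]
        if ip not in cache:
            cache[ip] = client_hostname(ip, reverse, forward)
        out.append({**ev, **cache[ip]})
    return out

# Constructed sample data: event fields and DNS answers are illustrative only.
EVENTS = [
    {"client_ip": "192.0.2.10", "host": "www.example.com", "uri": "/"},
    {"client_ip": "198.51.100.7", "host": "www.example.com", "uri": "/login"},
    {"client_ip": "203.0.113.5", "host": "www.example.com", "uri": "/login"},
]
PTR = {"192.0.2.10": "crawl-10.bot.example.", "198.51.100.7": "crawl-7.bot.example."}
FWD = {"crawl-10.bot.example": ["192.0.2.10"], "crawl-7.bot.example": ["192.0.2.99"]}

def demo():
    """Run the enrichment offline against the constructed DNS tables above."""
    return enrich(EVENTS, reverse=PTR.get, forward=lambda n: FWD.get(n, []))
```

Calling `enrich(events)` without the `reverse` and `forward` arguments uses the live resolver; a row with `ptr_confirmed` set to false carries a hostname that should not be trusted for allow-listing.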

#5

Of course Cloudflare doesn’t provide this, that’s why I made this feature request.

I don’t understand why you are treating me like I’ve opened a support ticket to get a host from an IP address, when this is a feature request.

You could have just said that Cloudflare will not implement this feature, but you instead want to teach me how to get a hostname from an IP.

I will never post on this forum again and I apologize for inconveniencing you.


#6

Sorry, my mistake. The vast majority of posts on this forum are support requests and I skipped over the “Product Requests” tag, making me think this was another request asking about how to get the IP’s hostname directly from Cloudflare.

I agree that having this info easy to view in the firewall event log would make it easier to figure out the origin of requests and +1 this product request.