Specific IP analysis from the DNS data

Hey guys,

I couldn’t find this in the previous posts, but maybe I’ve missed, if that’s the case I’m sorry.

Anyhow, so the situation is, that I’m having hard time understanding why so many requests are coming from a certain country to my site. I don’t have any clients or business related interests. Maybe they’re search robots or whatever.
So, is there any functionality to see the IPs of the clients? I’m on basic plan at the moment.

Thanks!

Are you talking about DNS lookups? Or the actual website visits?

If it’s website visits, your server should be configured to restore Visitor IP addresses:

Or you can install Logflare.

For actual visits: Thanks! I’ll check out the LogFlare. Just I wonder which platform should I use when it runs on Amazon docker service?

and what would be solution for only DNS lookups?

For DNS, I don’t think it gets down to the IP address level. Only which Datacenter(s) are getting the hits.And that’s only on paid plans.

1 Like

You probably need to have the “container” (or its’ abstraction layer thereof) log your requests, but not the connecting (a.k.a. “source”) IP, rather than, the IPs Cloudflare will transmit via a special HTTP header (X-Forwarded-For) that are the actual origin IP as seen by the Cloudflare service…

Another important thing is that you must use the X-Forwarded-For ONLY for connections coming from Cloudflare’s IP ranges (if you don’t firewall connections from the rest of the Internet). This is because basically anyone can send these headers, and fake their source IP once you do the above.

I personally don’t have experience with Amazon containers at this time, so I can’t tell you how it’s done (or even if it’s possible), but that is the theory that you need to do in practice to get this information (I do that on my websites and it works great, but I run my own servers, so… it’s rather simple, just a few configuration options in my Nginx configuration file).

2 Likes

Thanks, man, that’s really informative!

Hey guys,

the application that I’m running is planning to have a feature where visiting client IP would matter. Meaning, if the user is coming from Country A there’s one workflow, if the user is coming from Country B there’s another.

Now, since the traffic is going through Cloudflare and that is handled on Cloudflare site, is there a way to get that information what is the user origin? Maybe it’s possible to get that as a parameter in a header?

Thanks!

You can get IP and Country in the headers.

1 Like

That was all I needed. Kudos! :+1:

1 Like

@sdayman you’ve been very helpful in this thread. Maybe you can point to me to the correct source, I need to figure out which IP is the Cloudflare IP that requests will be forwarded to the cloud instance?

In other words, I’m making the Security Groups setup on AWS and I want to restrict only the access from Cloudflare IP. I need that IP value :slight_smile:

Thanks!

Try this: