I am getting a request ?XDEBUG_SESSION_START=phpstorm coming from 188.8.131.52 which is identified as an address range owned by Poland - Cloudflare, Inc. The previous request from the same IP hit my login page. Looking back over the log now, I see this same request coming from similar IP addresses coming in an average of 2 or 3 times a month for the last 4 months. What is this? Should I be concerned? Thanks.
Are you rewriting IP addresses?
Well I’m using proxy_set_header X-Real-IP $remote_addr; in my nginx set up if that’s relevant. Briefly, I am reverse proxying to an app and using a Tomcat valve to replace the scheme and port presented via the request header. Most IP addresses connecting I recognise (reading them here in my list of visits), and I know they reflect the true owner. Then these unknown IPs pop up, with that strange request, and I don’t know where they are coming from, or what they are for.
Where did the IP in question show up? And is that value rewritten or does it show the actual connecting address? If it is the latter it would be a regular request and is not Cloudflare related.
Ok, I see. Yes, you are right, it is not coming from Cloudflare but from somewhere else. Thanks for the response.