Strange request coming from Cloudflare

attacks

#1

I am getting a request ?XDEBUG_SESSION_START=phpstorm coming from 172.68.246.79 which is identified as an address range owned by Poland - Cloudflare, Inc. The previous request from the same IP hit my login page. Looking back over the log now, I see this same request coming from similar IP addresses coming in an average of 2 or 3 times a month for the last 4 months. What is this? Should I be concerned? Thanks.


#2

Are you rewriting IP addresses?


#3

Well I’m using proxy_set_header X-Real-IP $remote_addr; in my nginx set up if that’s relevant. Briefly, I am reverse proxying to an app and using a Tomcat valve to replace the scheme and port presented via the request header. Most IP addresses connecting I recognise (reading them here in my list of visits), and I know they reflect the true owner. Then these unknown IPs pop up, with that strange request, and I don’t know where they are coming from, or what they are for.


#4

Where did the IP in question show up? And is that value rewritten or does it show the actual connecting address? If it is the latter it would be a regular request and is not Cloudflare related.


#5

Ok, I see. Yes, you are right, it is not coming from Cloudflare but from somewhere else. Thanks for the response.