Attack IP
Published 13 days ago
# SafeLine WAF
# ❓ question
Published 13 days ago
Peter Larin
Updated 13 days ago
0
We deploy SafeLine WAF as the outermost layer. Sometimes in the Attack Logs we see Localhost, but in the Tengine logs we see the real IP. So we are trying to find the optimal settings for these two parameters:
"Get Attack IP From" and "Clear and rewrite X-Forwarded-For".
Would it be optimal to set:
- "Get Attack IP From" = Socket Connection
- "Clear and rewrite X-Forwarded-For"=On?