Attack IP
Published a month ago
# SafeLine WAF
# ❓ question
Published a month ago
Peter Larin
Updated a month ago
0
We deploy SafeLine WAF as the outermost layer. Sometimes in the Attack Logs we see Localhost, but in the Tengine logs we see the real IP. So we are trying to find the optimal settings for these two parameters:
"Get Attack IP From" and "Clear and rewrite X-Forwarded-For".
Would it be optimal to set:
- "Get Attack IP From" = Socket Connection
- "Clear and rewrite X-Forwarded-For"=On?