DEV Community

Carrie

How to Configure and Get Source IP in SafeLine WAF

Step 1: Add the site first
Please refer to the official documentation for quick configuration of SafeLine.

Step 2: Send a test attack request to the site: http://IP-or-hostname-or-domain:port/webshell.php

Step 3: Open the SafeLine console and navigate to Logs -> Attacks -> Logs in the top left corner. Click Detail on the test request you just made.

Step 4: Look at the Request information to find the correct source IP.

For most small websites, 99% of cases will fall into these two scenarios:

Scenario 1: The correct source IP is in the X-Forwarded-For header, usually in the 1st to 3rd position from the right:

The correct IP is the third one from the right.

Scenario 2: The correct source IP is in another header, and this header contains only the IP.

Step 5: Click Web Services -> Global Settings -> Get Attack IP From, and select the option that matches the location of the source IP.

Step 6: Repeat steps 2 and 3, and ensure the source IP in the logs is obtained correctly. Done!

Notes:

  • If there are no logs in step 3, it means the site is not set up properly. Please go back to step 1.
  • If there is no source IP in the logs in step 4, it means the upstream device in front of SafeLine did not pass the source IP to SafeLine, and you need to configure that device.
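
The position-from-the-right selection in Scenario 1 and the single-header case in Scenario 2, sketched in Python as an added example (not SafeLine's code and not from the original post). The function names, the X-Real-IP header name and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def source_ip_from_xff(xff, position_from_right):
    """Scenario 1: take the entry at a 1-based position from the right.

    Each proxy appends the address it received the connection from, so the
    rightmost entries are written by your own infrastructure. Anything to
    the left of the chosen position was supplied by the client.
    """
    if position_from_right < 1:
        raise ValueError("position_from_right is 1-based")
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    if len(entries) < position_from_right:
        return None  # fewer hops than configured: do not guess
    try:
        return str(ipaddress.ip_address(entries[-position_from_right]))
    except ValueError:
        return None  # e.g. "unknown" or an entry with a port attached


def source_ip_from_header(headers, name):
    """Scenario 2: a dedicated header that must contain only one IP."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            try:
                return str(ipaddress.ip_address(value.strip()))
            except ValueError:
                return None
    return None


# Constructed sample values (documentation address ranges, three hops in front).
HONEST_XFF = "203.0.113.7, 198.51.100.20, 10.0.0.5"
# The same request with a client-supplied X-Forwarded-For value prepended.
PREFIXED_XFF = "127.0.0.1, 203.0.113.7, 198.51.100.20, 10.0.0.5"

if __name__ == "__main__":
    for xff in (HONEST_XFF, PREFIXED_XFF):
        leftmost = xff.split(",")[0].strip()
        print(f"{xff!r}: leftmost={leftmost} third-from-right={source_ip_from_xff(xff, 3)}")
    # "X-Real-IP" is an assumed header name; use the one your proxy sets.
    print(source_ip_from_header({"X-Real-IP": "203.0.113.7"}, "X-Real-IP"))
```

The leftmost entry differs between the two sample values while the third-from-right entry does not, which is why the position is counted from the right.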

If you want to understand the underlying principles, you can refer to this: How to Configure SafeLine WAF to Correctly Obtain the Source IP.
