In the previous quarter, we announced a new beta module, the Trusted Proxy, which became some of our users’ favorite module:
“The new Trusted Proxy feature simply blows the competition out of the water especially when you consider the price point at which are offering BitNinja. We couldn’t be happier with how things are proceeding. :)” – Christopher McGill, Lead System Administrator at GekkoFyre Networks
In that article, we promised to create a separate menu for managing it, so here it is! :)
A proxy server will reroute online requests, so the real IP of the visitor will be masked for the website she/he wants to access. There are many free and paid proxies available in the market.
But why do people use proxies? Because they can:
- Access content that is restricted in the visitor’s country
- Fasten site load speed -> Content Delivery Networks (CDN, like Cloudflare)
- Stay anonymous
Of course, staying anonymous for hackers is essential, so there’s no doubt that they often use this as an easy way to hide themselves.
(Side note: However, they forget about the fact that a proxy won’t hide them completely. To be honest, there are ways to track the real IP behind a proxy. That’s why a skilled hacker will use VPNs instead of proxies.)
As mentioned before, some hackers try to hide their information with a proxy. We’ve seen it with our own eyes. Our tech ninjas detected more and more unblocked attacks and when they dug deeper, they realized that these malicious requests came via Cloudflare.
As Cloudflare is the most popular CDN, their backend IPs are globally whitelisted by BitNinja. Therefore, these attacks couldn’t be detected because BitNinja doesn’t filter the requests coming from whitelisted IPs.
This issue became more and more serious and we couldn’t rest. We had to do something to keep our ninja friends’ servers safe against these attacks.
And there was another problem. Of course, we couldn’t whitelist all the proxies worldwide, so when BitNinja detected an attack from a less popular proxy, the IP became blocked. By greylisting an exit node’s IP only because one person behind it sent a malicious request, it meant that all the other (even thousands) users were blocked too. While this issue was much rarer than the increasing number of cyberattacks via Cloudflare, it was still very painful for the people who were affected.
That’s how the idea of the Trusted Proxy was born.
BitNinja Trusted Proxy
Thanks to this new beta module, hackers can’t hide behind proxies anymore. BitNinja will track those attacks too, which are coming through proxies, load balancers or edge proxies.
The technology behind Trusted Proxy requires the same settings as the WAF 2.0. So, if you have already set up the X-Forwarded-For header , then you have the green light to use the Trusted Proxy too. ;)
You’ll access the Trusted Proxy settings from the left-side menu:
The Cloudflare IPs are added to the list by default, but of course, you can manage this list by yourself. You can add custom proxy addresses by typing single IP/bulk IPs/IP ranges and add a comment so you’ll recognize the IPs later too.
However, your user-level whitelist comes first when BitNinja is filtering IPs, which means that if you whitelisted a proxy range before, it is time now to remove it, so the trusted proxies feature can work properly.
You can find more technical details about the BitNinja Trusted Proxy on our documentation site .
Do you prefer using API to manage your Trusted Proxy list? No problem. :) As we mentioned a few weeks ago, we are continuously developing the BitNinja Rest API . So, you can use these endpoints if you wish to customize the trusted proxies:
You can learn more about these functions on the BitNinja API documentation site .
Stop the attacks coming through proxies
Attacks via Cloudflare? Nah. Those times are over! With the BitNinja Trusted Proxy, you can forget about these struggles forever. It’s time to detect IPs hidden behind load balancers and edge proxies too.
Enable the Trusted Proxy now and if you or your customers are using a proxy, add it to your Trusted Proxy list.
And do not forget that we are always happy to help you, so feel free to contact us at firstname.lastname@example.org or on the Dashboard chat if you have any questions about the Trusted Proxy or need assistance.
Stay safe and happy hacker-hunting!