Ninja blog

Trace Hackers' IP Behind Cloudflare with The New Trusted Proxy Module

In the previous quarter, we announced a new beta module, the Trusted Proxy, which became some of our users’ favorite module:

“The new Trusted Proxy feature simply blows the competition out of the water especially when you consider the price point at which are offering BitNinja. We couldn’t be happier with how things are proceeding. :)” – Christopher McGill, Lead System Administrator at GekkoFyre Networks

In that article, we promised to create a separate menu for managing it, so here it is! 🙂

About proxies

A proxy server will reroute online requests, so the real IP of the visitor will be masked for the website she/he wants to access. There are many free and paid proxies available in the market.

Image source

But why do people use proxies? Because they can:

Access content that is restricted in the visitor’s country
Fasten site load speed -> Content Delivery Networks (CDN, like Cloudflare)
Stay anonymous

Of course, staying anonymous for hackers is essential, so there’s no doubt that they often use this as an easy way to hide themselves.

(Side note: However, they forget about the fact that a proxy won’t hide them completely. To be honest, there are ways to track the real IP behind a proxy. That’s why a skilled hacker will use VPNs instead of proxies.)

Background

As mentioned before, some hackers try to hide their information with a proxy. We’ve seen it with our own eyes. Our tech ninjas detected more and more unblocked attacks and when they dug deeper, they realized that these malicious requests came via Cloudflare.

As Cloudflare is the most popular CDN, their backend IPs are globally whitelisted by BitNinja. Therefore, these attacks couldn’t be detected because BitNinja doesn’t filter the requests coming from whitelisted IPs.

This issue became more and more serious and we couldn’t rest. We had to do something to keep our ninja friends’ servers safe against these attacks.

And there was another problem. Of course, we couldn’t whitelist all the proxies worldwide, so when BitNinja detected an attack from a less popular proxy, the IP became blocked. By greylisting an exit node’s IP only because one person behind it sent a malicious request, it meant that all the other (even thousands) users were blocked too. While this issue was much rarer than the increasing number of cyberattacks via Cloudflare, it was still very painful for the people who were affected.

That’s how the idea of the Trusted Proxy was born.

BitNinja Trusted Proxy

Thanks to this new beta module, hackers can’t hide behind proxies anymore. BitNinja will track those attacks too, which are coming through proxies, load balancers or edge proxies.

The technology behind Trusted Proxy requires the same settings as the WAF 2.0. So, if you have already set up the X-Forwarded-For header , then you have the green light to use the Trusted Proxy too. 😉

You’ll access the Trusted Proxy settings from the left-side menu:

The Cloudflare IPs are added to the list by default, but of course, you can manage this list by yourself. You can add custom proxy addresses by typing single IP/bulk IPs/IP ranges and add a comment so you’ll recognize the IPs later too.

However, your user-level whitelist comes first when BitNinja is filtering IPs, which means that if you whitelisted a proxy range before, it is time now to remove it, so the trusted proxies feature can work properly.

You can find more technical details about the BitNinja Trusted Proxy on our documentation site .

API endpoint

Do you prefer using API to manage your Trusted Proxy list? No problem. 🙂 As we mentioned a few weeks ago, we are continuously developing the BitNinja Rest API . So, you can use these endpoints if you wish to customize the trusted proxies:

You can learn more about these functions on the BitNinja API documentation site .

Stop the attacks coming through proxies

Attacks via Cloudflare? Nah. Those times are over! With the BitNinja Trusted Proxy, you can forget about these struggles forever. It’s time to detect IPs hidden behind load balancers and edge proxies too.

Enable the Trusted Proxy now and if you or your customers are using a proxy, add it to your Trusted Proxy list.

And do not forget that we are always happy to help you, so feel free to contact us at info@bitninja.io or on the Dashboard chat if you have any questions about the Trusted Proxy or need assistance.

Stay safe and happy hacker-hunting!

Defending a Million WordPress Sites Against a High-Risk Vulnerability

OpenLiteSpeed Integration: Speed Meets Security

Our 2024 Vision: Exciting Server Security Innovations and Cybersecurity Future

Quarter in Review Through Malware Statistics

How Safe Is Your Linux Server from AI-generated Malware?

Heading to CloudFest: Our Guide to Must-See Agenda and Speeches!

trial

If you have no more queries,  take the next step and sign up!

Don’t worry, the installation process is quick and straightforward!

get your free trial!

try without install

sign up for free

For Shared Webhosting For VPS providers For Small Businesses Pricing Anti-Malware WAF Realtime IP Reputation Outbound Spam Detection SiteProtection Extra Security Components

BitNinja Learn Documentation FAQs Success Stories Security Guides Reseller Partner Kit Comparisons Incident Report

About Customers Jobs at BitNinja Legal Terms Privacy Events Bug Bounty Partners Impact

Book a demo Contact us Support Product Feedback

BitNinja

Proactive server protection from a centralized, easy-to-use console. Secure your web servers and customers’ websites against all kinds of cyber threats with our multi-layered security tool