Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Best way to block when behind a proxy

    IDS/IPS
    3
    4
    404
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michmoor LAYER 8 Rebel Alliance
      last edited by

      Whats the best way to block a Network Scan if the server is behind a reverse proxy and the source IP would always be the proxy?

      I would like to block this but as you can see from the alert i cant as both IPs are local to me but the scan is happening from multiple internet IPs.

      641989b0-8d27-4665-a761-b26df3e428e7-image.png

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @michmoor
        last edited by bmeeks

        @michmoor said in Best way to block when behind a proxy:

        server is behind a reverse proxy and the source IP would always be the proxy

        Your definition of the problem gives you the answer ... 😀.

        It can't be done using the IDS/IPS packages available on pfSense (unless you drop the proxy). The IDS cannot see the original IP address.

        M 1 Reply Last reply Reply Quote 0
        • M
          michmoor LAYER 8 Rebel Alliance @bmeeks
          last edited by

          @bmeeks was hoping there was some…trickery. But alas it’s reading the IP header so not much can be done

          Firewall: NetGate,Palo Alto-VM,Juniper SRX
          Routing: Juniper, Arista, Cisco
          Switching: Juniper, Arista, Cisco
          Wireless: Unifi, Aruba IAP
          JNCIP,CCNP Enterprise

          1 Reply Last reply Reply Quote 0
          • A
            abtekk
            last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.