Netgate Discussion Forum

Best way to block when behind a proxy

    michmoor LAYER 8 Rebel Alliance
    last edited by Jun 12, 2023, 6:37 PM

    What's the best way to block a network scan if the server is behind a reverse proxy and the source IP would always be the proxy?

    I would like to block this, but as you can see from the alert, I can't, as both IPs are local to me but the scan is happening from multiple internet IPs.


    Firewall: NetGate,Palo Alto-VM,Juniper SRX
    Routing: Juniper, Arista, Cisco
    Switching: Juniper, Arista, Cisco
    Wireless: Unifi, Aruba IAP
    JNCIP,CCNP Enterprise

      bmeeks @michmoor
      last edited by bmeeks Jun 12, 2023, 10:58 PM

      @michmoor said in Best way to block when behind a proxy:

      server is behind a reverse proxy and the source IP would always be the proxy

      Your definition of the problem gives you the answer ... 😀.

      It can't be done using the IDS/IPS packages available on pfSense (unless you drop the proxy). The IDS cannot see the original IP address.

        michmoor LAYER 8 Rebel Alliance @bmeeks
        last edited by Jun 13, 2023, 12:18 AM

        @bmeeks was hoping there was some… trickery. But alas, it’s reading the IP header, so not much can be done.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.