• caglararli@hotmail.com
  • 05386281520

IP spoofing and http requests

Çağlar Arlı      -    87 Views

IP spoofing and http requests

I protect my website with Cloudflare. But using Censys I found my real server IP, thus anyone can connect to my server without having to deal with Cloudflare. I saw that I can blacklist all IPs that are not from Cloudflare, but I got scared that if someone changed their X-Forwarded-For, they can hide themselves as a client going through Cloudflare defeating the whole purpose of blacklisting IPs. But then someone on Discord said that I can blacklist effectively in the transport layer using TCP to determine the real IP of users.

I could not find a source to backup this person's statement, and thought I should ask the experts.