If You use any CDN or Proxy service, BitNinja will see the IP address of the CDN or proxy server only. This is because every request is coming from the CDN server. There is a module that lets BitNinja see the real IP address behind the mentioned CDN or proxy servers.
After the X-Forwarded-For header(DNAT mode only) or the Transparent proxy mode in the WAF module is set up you need to add the CDN Provider’s IP ranges from the Dashboard at the Trusted proxy menu point.
– You need to add a comment to the IP range(s) added to the Trusted proxy module
– You can add multiple IPv4 ranges by separating them with a comma and space
If you are using DNAT redirection mode, you need to set up the X-Forwarded-For header, enable the Trusted proxy module from the Dashboard, and also add your CDN provider’s IP ranges or any other proxy/load balancer IPs on your dashboard Firewall -> Trusted Proxy menu.
In transparent redirection mode, you will still need to add the above-mentioned IP addresses to the Trusted Proxy list, but you don’t have to modify the X-Forwarded -For header.
Please make sure to allow/open the 60416 and 60417 ports on the server or on the firewall in front of the server (if there is one), as these ports are required by the TrustedProxy module.
– If your server has multiple IP addresses, enter the IP addresses separated by colon and space.
– If your server has a CIDR or multiple CIDR, you can add them the same way with the prefixes included (IP address/X).