Forum

Hiawatha with Incapsula

Lukas
14 April 2013, 20:04
Hi,

I want to run Hiawatha behind Incapsula, a reverse proxy who sends x-forwarded-for headers, however, reading about HideProxy I understood it only works for each individual IP, but I need these IPs there:

199.83.128.0/21
198.143.32.0/19
149.126.72.0/21
103.28.248.0/22
185.11.124.0/22

I'd really like to know a solution for this, working with Hiawatha the DDoS protection it offers is way better than nginx's and lighttpd's protection, however without the real IPs it does not work and blocks every visitor.

Hiawatha version: 9
Operating System: Debian x86
Hugo Leisink
14 April 2013, 22:07
In 9.1, the HideProxy will accept subnets as well. This feature was requested by somebody else as well.
Lukas
15 April 2013, 14:10
Yes, I saw you answered on this already somewhere else. So for the flood protection the Webserver would use the forwarded IP and the Webserver would ignore the connections per IP settings in the configuration? I'm just wondering because it looks like the Webserver actually kills the connection.
Hugo Leisink
15 April 2013, 14:24
The HideProxy will make Hiawatha handle a connection via one of the specified proxies as if it were coming from the IP address in the X-Forwarded-For HTTP header. The flood protection should work fine then.
This topic has been closed.