Zenarmor and self-hosting websites with Cloudflare Proxy

[ajtatum]

Hi,

I currently use Untangle and am considering moving to OPNsense with Zenarmor. One thing that really makes it difficult for me is that I have websites that are using Cloudflare's as a proxy and WAF. This also hides my websites real IP address. However, there's issue, when someone visits my site, Untangle uses the Cloudflare IP, which sometimes gets flagged as something like a "Scanner" or something. On the webservers, I have it configured to use the X-Forwarded-For or CF-Connecting-IP to get the actual user's IP to log for login failures, etc.

So, I was curious if Zenarmor would act any differently or if there was a better approach? I get a lot of comments from people that they can't access my sites and it's almost impossible to tell why because all that gets logged in Untangle is the Cloudflare IP.

One thought I had, but shot down because it sounded too risky, was to bypass any rules at the router level for these servers and instead use something like CrowdSec or another solution on those servers.

Any thoughts or recommendations would be sincerely appreciated.

Thanks,
AJ

[sy]

Hi,

Is your web servers on a network that is protected by Zenarmor. Can you give a bit more detail about the topology?

[sorano]

Cloudflares WAF is a god compared to Zenarmor.

You cannot even compare them feature wise.