Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
Zenarmor and self-hosting websites with Cloudflare Proxy
« previous
next »
Print
Pages: [
1
]
Author
Topic: Zenarmor and self-hosting websites with Cloudflare Proxy (Read 1857 times)
ajtatum
Newbie
Posts: 2
Karma: 0
Zenarmor and self-hosting websites with Cloudflare Proxy
«
on:
April 17, 2023, 04:52:28 pm »
Hi,
I currently use Untangle and am considering moving to OPNsense with Zenarmor. One thing that really makes it difficult for me is that I have websites that are using Cloudflare's as a proxy and WAF. This also hides my websites real IP address. However, there's issue, when someone visits my site, Untangle uses the Cloudflare IP, which sometimes gets flagged as something like a "Scanner" or something. On the webservers, I have it configured to use the X-Forwarded-For or CF-Connecting-IP to get the actual user's IP to log for login failures, etc.
So, I was curious if Zenarmor would act any differently or if there was a better approach? I get a lot of comments from people that they can't access my sites and it's almost impossible to tell why because all that gets logged in Untangle is the Cloudflare IP.
One thought I had, but shot down because it sounded too risky, was to bypass any rules at the router level for these servers and instead use something like CrowdSec or another solution on those servers.
Any thoughts or recommendations would be sincerely appreciated.
Thanks,
AJ
Logged
sy
Hero Member
Posts: 597
Karma: 44
Re: Zenarmor and self-hosting websites with Cloudflare Proxy
«
Reply #1 on:
May 01, 2023, 12:51:29 pm »
Hi,
Is your web servers on a network that is protected by Zenarmor. Can you give a bit more detail about the topology?
Logged
sorano
Full Member
Posts: 153
Karma: 21
Re: Zenarmor and self-hosting websites with Cloudflare Proxy
«
Reply #2 on:
August 09, 2023, 10:48:15 am »
Cloudflares WAF is a god compared to Zenarmor.
You cannot even compare them feature wise.
Logged
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover
--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
Zenarmor and self-hosting websites with Cloudflare Proxy