Apache logs show all traffic as coming from the same ips, will the firewall work

  • Resolved Nicola Peluchetti

    (@nicolapeluchetti)


    4 years, 3 months ago

    I have a Droplet, created using the marketplace wordpress image, using Cloudflare DNS, and my issue is that all traffic looks like it’s coming from Frankfurt, which is the datacenter where the droplet is hosted.
    This is what I have in apache access log. I’m afraid this will confuse the firewall, should I disable it?
    Log example

    162.158.88.37 – – [27/Nov/2020:10:29:39 +0000] “GET /shop/ HTTP/1.1” 200 24005 “/prodotto/spro2/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.89.180 – – [27/Nov/2020:10:29:41 +0000] “GET /wp-content/uploads/2018/04/piastra_mouse-1-100×100.jpg HTTP/1.1” 304 3963 “/shop/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.90.59 – – [27/Nov/2020:10:29:41 +0000] “GET /wp-content/uploads/2019/02/1-100×100.jpg HTTP/1.1” 304 3963 “/shop/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.88.37 – – [27/Nov/2020:10:29:44 +0000] “GET /categoria-prodotto/postazioni/ HTTP/1.1” 200 28585 “/shop/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.93.248 – – [27/Nov/2020:10:29:54 +0000] “GET /wishlist/ HTTP/1.1” 200 22508 “-” “Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)”
    162.158.88.37 – – [27/Nov/2020:10:29:54 +0000] “GET /prodotto/src-sport/ HTTP/1.1” 200 38840 “/categoria-prodotto/postazioni/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.88.37 – – [27/Nov/2020:10:29:56 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 6102 “/prodotto/src-sport/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.88.37 – – [27/Nov/2020:10:29:56 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 2341 “/prodotto/src-sport/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.91.240 – – [27/Nov/2020:10:29:59 +0000] “POST /?wc-ajax=get_refreshed_fragments HTTP/1.1” 200 4656 “/wishlist/” “Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.140 Mobile Safari/537.36 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)”
    162.158.94.227 – – [27/Nov/2020:10:30:03 +0000] “GET /categoria-prodotto/accessories-en/?lang=en&add-to-cart=3873&add_to_wishlist=2894 HTTP/1.1” 302 4173 “-” “Mozilla/5.0 (compatible; AhrefsBot/7.0; +https://ahrefs.com/robot/)”
    162.158.91.112 – – [27/Nov/2020:10:30:07 +0000] “GET /area-clienti/pagamenti/cassa/ HTTP/1.1” 200 21315 “-” “Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://aspiegel.com/petalbot)”
    162.158.88.37 – – [27/Nov/2020:10:30:10 +0000] “GET /categoria-prodotto/postazioni/ HTTP/1.1” 200 28585 “/prodotto/src-sport/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.88.37 – – [27/Nov/2020:10:30:13 +0000] “GET /prodotto/s1p/ HTTP/1.1” 200 34787 “/categoria-prodotto/postazioni/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.88.37 – – [27/Nov/2020:10:30:15 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 6102 “/prodotto/s1p/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.88.37 – – [27/Nov/2020:10:30:15 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 6102 “/prodotto/s1p/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47”
    162.158.88.37 – – [27/Nov/2020:10:30:16 +0000] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 2349 “/prodotto/s1p/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Apache logs show all traffic as coming from the same ips, will the firewall work’ is closed to new replies.

Tags