Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

NETSTAT not showing real IPs using Cloudflare

Discussion in 'General Discussion' started by domainerq, Feb 27, 2017.

Tags:
  1. domainerq

    domainerq Member

    Joined:
    Feb 22, 2017
    Messages:
    14
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    Peru
    cPanel Access Level:
    Root Administrator
    Hello,

    I am using cloudflare ( I have configured apache in order to see the visitor's real ip in the log) , and everything is working fine.

    I want to discard that my server is receiving DDOS attacks and i am trying to see the connections on port 80 sorted by IP , using the following command.

    netstat -anp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    But when i execute this command i still get the cloudflare ip.
    there is something that need to be configured? or another way to identify the amount of connections by real ip?

    I would apreciate any suggestion , Thanks a lot.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You may want to reach out to CloudFlare's support team for solutions to this issue, as the current solutions are designed for the Apache logs and not the netstat utility. A similar topic is discussed at:

    CloudFlare? - ConfigServer Community Forum

    Thank you.
     
  3. domainerq

    domainerq Member

    Joined:
    Feb 22, 2017
    Messages:
    14
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    Peru
    cPanel Access Level:
    Root Administrator
    I am analyzing logs ,using the following commands has been enough .

    cat access.log | awk '{print $1 "->" $4"->" $6 " " $7}' | sort $1
    cat access.log| awk '{print $1 " -> " $4" -> " $6 " " $7}' | grep x.x.x.x (to analize one ip)
    cat access.log| cut -d " " -f 1 | sort | uniq (unique ips that have accessed)
    cat access.log | cut -d " " -f 1 | sort | uniq | wc - (How many IPs have accessed in to your website today)
    cut -d " " -f 1 access.log | sort | uniq -c | sort -n (How many times each IP has accessed to your web)

    I hope it helps.
     
    cPanelMichael likes this.
Loading...

Share This Page