Blocking proxied requests
Requests routed via proxy servers can be problematic for some sites. If you run any type of discussion forum, users can hide behind the perceived anonymity of a proxy server and launch anything from profanity-laden tirades in forum posts to outright denial of service attacks. You may therefore want to block proxied requests if you find that they cause problems on your site.
One way to do this is to check for the presence of the X-Forwarded-For header in the HTTP request. If this header exists, it means that the request was made by a proxy server on behalf of the real user. Keep in mind that only proxies which choose to disclose themselves add this header, and that, like any request header, it can also be set by the client itself, so its presence is an indicator rather than proof.
This rule detects and blocks requests by proxy servers that use the X-Forwarded-For header:
SecRule &REQUEST_HEADERS:X-Forwarded-For "@gt 0" deny
The rule uses the & operator to return the number of request headers present with the name X-Forwarded-For. If this number is greater than zero, that means such a header is present, and the request is blocked.
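To see exactly what the rule above decides for a given request, here is an added Python model of it (not from the book and not ModSecurity's own code) that parses a raw HTTP request head, counts the X-Forwarded-For headers the way the & operator does, and returns deny or pass; the sample requests and the 203.0.113.x addresses are constructed for the example.

```python
"""Model of:  SecRule &REQUEST_HEADERS:X-Forwarded-For "@gt 0" deny"""
from typing import Dict, List, Tuple


def parse_request_headers(raw_request: str) -> Dict[str, List[str]]:
    """Parse the header block of a raw HTTP/1.x request into a multimap
    keyed by lower-cased header name. A header sent several times keeps
    every value, which is what the counting '&' operator relies on."""
    head, _, _body = raw_request.partition("\r\n\r\n")
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:        # [0] is the request line
        name, sep, value = line.partition(":")
        if not sep:                            # blank or malformed line
            continue
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def count_header(headers: Dict[str, List[str]], name: str) -> int:
    """Equivalent of &REQUEST_HEADERS:<name>: how many headers with that
    name are present (0 when the header is absent)."""
    return len(headers.get(name.lower(), []))


def evaluate_xff_rule(raw_request: str) -> Tuple[str, int, List[str]]:
    """Apply the rule: deny when the X-Forwarded-For count is > 0.
    Returns (action, count, values) so the decision can be audited."""
    headers = parse_request_headers(raw_request)
    values = headers.get("x-forwarded-for", [])
    action = "deny" if count_header(headers, "X-Forwarded-For") > 0 else "pass"
    return action, len(values), values


# Constructed sample requests (addresses from the 203.0.113.0/24 doc range).
DIRECT = ("GET /forum/post.php HTTP/1.1\r\nHost: www.example.com\r\n"
          "User-Agent: Mozilla/5.0\r\n\r\n")
PROXIED = ("GET /forum/post.php HTTP/1.1\r\nHost: www.example.com\r\n"
           "X-Forwarded-For: 203.0.113.7\r\nVia: 1.1 proxy.example.net\r\n\r\n")
CHAINED = ("POST /forum/post.php HTTP/1.1\r\nHost: www.example.com\r\n"
           "X-Forwarded-For: 203.0.113.7\r\nx-forwarded-for: 203.0.113.9\r\n"
           "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("direct", DIRECT), ("proxied", PROXIED), ("chained", CHAINED)):
        action, n, vals = evaluate_xff_rule(req)
        print(f"{label:8s} -> {action:4s} (&X-Forwarded-For = {n}, values = {vals})")
```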
Another similar header used by...