If you are running a firewall on origin web servers, please make sure the rules are configured to not accidentally block section.io’s platform. A common scenario we’ve seen is the origin firewall blocking based on the connecting client’s IP address. This is not going to work with a CDN in front as the majority of the connections will have section.io’s IP address as we sit between browsers and the origin servers. Blocking these IPs will result in legitimate traffic being blocked.
section.io platform by default will generate a
True-Client-IP HTTP request header. This request header is sent to the origin. A typical example of such a header will look like:
You will need to setup the firewall so it is going to block traffic based on this IP address, rather than the connecting IP. This way any malicious True-Client-IP addresses will be blocked by the origin firewall, which legitimate traffic through section.io will still be allowed.