Typically a CDN would be set up to forward the end user’s IP address so they generally aren’t a problem unless improperly configured.
Are you saying that Ghost and the brute-express tooling supports
X-Forwarded-For headers? Or are you referring to something else?
I meant taking more of an analysis approach where you look over the historical pattern of requests and IP addresses so you can develop a picture of what’s happening.
I’m happy to take this approach. But the logs do not show me any IPs, and the brute table has the IPs hashed. Is there a way to get the IPs from the brute table in their true form so I can align to what is happening?
Also interested to know. If I was having this issue after hosting with the platform with Ghost. Would this be something that would be investigated?