Also read: CloudFlare and CORS Whitelisting

Introduction

Ensure that the origin server denies all IPs except the CloudFlare IPs. This must be configured at the server level, not in CloudFlare. It covers all the cases where clients access the website's IP address directly (instead of the URL, which CloudFlare handles).
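One way to apply and verify this restriction, as an added example that is not from the original post: the script renders nginx `allow`/`deny` directives from a CloudFlare range list and flags access-log entries whose source IP is outside those ranges. The range list is a sample subset and the log lines are constructed; refresh the ranges from https://www.cloudflare.com/ips/ before use.

```python
import ipaddress

# Assumption: sample subset of CloudFlare's published ranges. The full,
# current list is at https://www.cloudflare.com/ips/ and changes over time.
CLOUDFLARE_RANGES = [
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "2606:4700::/32",
]

# Constructed access-log lines (client IP is the first field).
SAMPLE_LOG = [
    '104.16.2.3 - - [01/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.50 - - [01/Jan/2025:10:00:05 +0000] "GET / HTTP/1.1" 200 512',
    '2606:4700::1 - - [01/Jan/2025:10:00:09 +0000] "GET /a HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /admin HTTP/1.1" 403 0',
]

def parse_ranges(cidrs):
    """Parse CIDR strings into network objects (IPv4 and IPv6)."""
    return [ipaddress.ip_network(c) for c in cidrs]

def is_cloudflare(ip, networks):
    """True if ip falls inside one of the allowed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)

def nginx_allowlist(networks):
    """Render allow directives for each range, then deny everything else."""
    return "\n".join([f"allow {n};" for n in networks] + ["deny all;"])

def direct_hits(log_lines, networks):
    """Return source IPs of requests that reached the origin directly."""
    offenders = []
    for line in log_lines:
        if not line.strip():
            continue
        client = line.split()[0]
        try:
            if not is_cloudflare(client, networks):
                offenders.append(client)
        except ValueError:
            offenders.append(client)  # unparseable source: treat as untrusted
    return offenders

if __name__ == "__main__":
    nets = parse_ranges(CLOUDFLARE_RANGES)
    print(nginx_allowlist(nets))
    print("direct-to-origin sources:", direct_hits(SAMPLE_LOG, nets))
```

Any source reported by `direct_hits` after the allowlist is in place means the rule is not being enforced. If nginx's realip module rewrites the client address from a CloudFlare header, enforce the allowlist at the host firewall instead, because `allow`/`deny` then evaluates the rewritten address.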

How Attackers Can Discover the Real IP

Here are common methods:

  1. Historical DNS Records: Services like SecurityTrails or Censys can expose past DNS records that pointed to your real IP.

  2. Subdomain Leaks: A misconfigured subdomain (e.g., ftp.example.com) may resolve directly to the origin IP.

  3. Direct SSL Certificate Scans: Your SSL cert may be associated with an IP exposed via services like Shodan.

  4. Email Headers: If your mail server shares the same IP, outgoing emails might leak it.

  5. Application-Level Leaks: Misconfigured apps may reference assets from the raw IP.

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.


Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.