Cloudflare Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys

rdan · Jan 26, 2018

GitHub - christophetd/CloudFlair: Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys.

CloudFlair: Bypassing Cloudflare using Internet-wide scan data - Christophe Tafani-Dereeper

ChokePoint: Exposing Server IPs Behind CloudFlare

Yay!

Some of my CF enabled sites that uses Cloudflare Cert are exposed.

eva2000 · Jan 26, 2018

Actually that's very old news But guess Cloudflare ain't happy about it!

As outlined in those articles to protect yourself you can either use firewall to block all traffic other than Cloudflare from your server or setup a Cloudflare Authenticated Origin Pull certificate on your Cloudflare Full SSL enabled site. The latter is easier to do as blocking all traffic might cause problems for other non-visitor access/communications to your server. I wrote a guide for the latter at Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting IP Leaks

BamaStangGuy · Jan 26, 2018

We have been using Auth Orgin Pulls for quite a while now.

eva2000 · Jan 26, 2018

Nice.. just remember Cloudflare Authenticated Origin Pull certificates also expire Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting IP Leaks

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Cloudflare Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys

rdan Well-Known Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Cloudflare Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys

rdan Well-Known Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

eva2000 Administrator Staff Member

.