Want to subscribe to topics you're interested in?
Become a Member

Cloudflare Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys

Discussion in 'Domains, DNS, Email & SSL Certificates' started by RoldanLT, Jan 26, 2018.

  1. RoldanLT

    RoldanLT Well-Known Member

    4,067
    983
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,366
    Local Time:
    1:52 PM
    1.11
    10.2
  2. eva2000

    eva2000 Administrator Staff Member

    32,247
    7,165
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,892
    Local Time:
    3:52 PM
    Nginx 1.13.x
    MariaDB 5.5
    Actually that's very old news :) But guess Cloudflare ain't happy about it!

    As outlined in those articles to protect yourself you can either use firewall to block all traffic other than Cloudflare from your server or setup a Cloudflare Authenticated Origin Pull certificate on your Cloudflare Full SSL enabled site. The latter is easier to do as blocking all traffic might cause problems for other non-visitor access/communications to your server. I wrote a guide for the latter at Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting IP Leaks
     
  3. BamaStangGuy

    BamaStangGuy Active Member

    494
    142
    43
    May 25, 2014
    Ratings:
    +187
    Local Time:
    11:52 PM
    We have been using Auth Orgin Pulls for quite a while now. :)
     
    • Like Like x 2
  4. eva2000

    eva2000 Administrator Staff Member

    32,247
    7,165
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,892
    Local Time:
    3:52 PM
    Nginx 1.13.x
    MariaDB 5.5