Blocking IPs

I am still pretty new to Cloudflare and website deployment, etc., but one visitor of my website has pointed out the following thing: (screenshot). Do you guys mind helping me out here? Where exactly can I set this blocking up, etc.?
5 Replies
AlphaCentauri 14mo ago
Hey! They’re referring to the fact that your actual server (which hosts your application) has a public IP address which is directly responding to HTTP requests. Cloudflare helps you mask your IP address from direct lookups to your domain, but you should go further than this as per the advice of the person in your screenshot. To answer your question, the best way to fix this is to set up a firewall on your server to either block everything (or just HTTP/HTTPS) and only allow inbound connections from Cloudflare IPs (the ones from that URL in the screenshot). You can configure the latter by following the steps under ‘Configure Origin Server’: https://developers.cloudflare.com/fundamentals/setup/allow-cloudflare-ip-addresses/
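Added example, not part of the thread or of Cloudflare's documentation: one way to express the "only allow Cloudflare IPs on HTTP/HTTPS" firewall from the reply above as an nftables ruleset generated from a range list. The table and set names are arbitrary, the sample ranges are constructed documentation prefixes, and the list URLs in the comment are assumed to be where the published ranges are fetched from.

```shell
# Constructed sample input: documentation ranges, NOT Cloudflare's real list.
# On a real origin, feed in the published list instead (assumed source:
# https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6).
SAMPLE_RANGES='198.51.100.0/24
203.0.113.0/24
2001:db8::/32'

# Read CIDR ranges on stdin, print an nftables ruleset on stdout.
# Names cf_origin, cf4 and cf6 are arbitrary choices for this example.
render_rules() {
    v4="" v6="" e4="" e6=""
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        case "$cidr" in ''|'#'*) continue ;; esac
        # Strict patterns so a garbled or tampered list cannot inject nft syntax.
        if printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
            v4="${v4:+$v4, }$cidr"
        elif printf '%s\n' "$cidr" | grep -Eq '^[0-9A-Fa-f:]+/[0-9]{1,3}$'; then
            v6="${v6:+$v6, }$cidr"
        else
            echo "rejecting malformed range: $cidr" >&2
            return 1
        fi
    done
    # An empty list would drop all web traffic, so refuse to render one.
    [ -n "$v4$v6" ] || { echo "no ranges supplied" >&2; return 1; }
    [ -z "$v4" ] || e4="elements = { $v4 }"
    [ -z "$v6" ] || e6="elements = { $v6 }"
    cat <<EOF
table inet cf_origin {
  set cf4 {
    type ipv4_addr
    flags interval
    $e4
  }
  set cf6 {
    type ipv6_addr
    flags interval
    $e6
  }
  chain input {
    type filter hook input priority 0; policy accept;
    tcp dport { 80, 443 } ip saddr @cf4 accept
    tcp dport { 80, 443 } ip6 saddr @cf6 accept
    tcp dport { 80, 443 } drop
  }
}
EOF
}
printf '%s\n' "$SAMPLE_RANGES" | render_rules
```

Only ports 80 and 443 are restricted, so SSH and other services keep whatever rules they already have. Save the output to a file, review it, and load it with `nft -f`; regenerate it when the published ranges change.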
kian 14mo ago
"some tools" is just https://search.censys.io.
kian 14mo ago
Yeah, Tunnels is much better than anything else - the only alternative that is almost as good is customer-certificate Authenticated Origin Pulls, which requires the Business plan. That's why I said customer-certificate.
AlphaCentauri 14mo ago
Out of curiosity, would the outbound nature of a tunnel add some latency or a bottleneck to the amount of traffic you could theoretically handle compared to an inbound public connection? I’ve always wanted to do the same but I’m unsure if a tunnel could fully replace the regular reverse proxy in production
Fair, I might make the switch and see what happens, thanks!
Amazing! That is reassuring, the problem is we have an API in production and I can’t really test a sustained load without actually just making the switch, which if it’s worse, could be bad
Too late, I’m pinning the blame on you soontm
boss: “Are you talking to floppy disks again”
Quint 14mo ago
Omg hi @the Tunnels GigaChad