I was sealing a machine to be only accessible from WARP and I feel like something is off.
The machine is sealed from being accessed from the internet except for cloudflare ips.
Now, if somebody found our backend IP and used WARP, they would be able to see a login screen.
We could argue that I can obscure the port, however, it doesn’t feel right. Is there anything we can do to prevent this from happening?
Let’s say that I’m under WARP and I craft a request spoofing the Host header, if the user doesn’t make use of CAs and runs on flexible or full (not strict), they would be exposed as well right? Allowing the attacker to bypass WAF and potentially sending a DoS attack.
Maybe I’m thinking too much about it or I’m missing something (which could totally happen), hopefully somebody can clarify it for me .