I was going to say that the feature to hide IPs was probably not yet released but if the docs say so… It’s probably a bug or the docs were updated a tad too fast.
I will ask somebody from CF to see whether this is expected behavior or not.
2 Likes
https://www.ipaddress.my/
https://iplocation.io/
For me, the above two reveals the ip address.
While these two didn’t. They worked fine. Cloudflare was shown as ISP.
That’s interesting a dig!
This works when warp is set in Private mode.
1 Like
Not exactly correct. If you are not using HTTP/3 then you will be hidden from sites in the Cloudflare Network too. I believe it’s a bug but not sure if the WARP team was aware of this one.
Before (about a year ago), if you had WARP turned on and visited those sites using HTTP/3, they would all show a private IP (in 172.16.0.0/12).
1 Like
I just tried visiting the websites you provided and they indeed reveal my real IP address. Sounds like a bug, hopefully Cloudflare will fix it soon! 
2 Likes
We respectfully disagree with you. The finding we reported occurs whether you have HTTP/3 enabled or not. We tested the above with HTTP/3 disabled/enabled and with CF WARP in Private Mode (DNS Protocol: WARP).
Further, many websites are not yet taking advantage of (or are connected to) HTTP/3. For example, the first website listed above (https://www.ipaddress.my/) is not HTTP/3 compliant. You can verify HTTP/3 compliance using this handy-dandy online tool.
To confirm that this isn’t just an issue with the free version of Cloudflare WARP, I have tested if Cloudflare WARP also reveals your IP when you use WARP+ or WARP for Teams.
I can conclude from my tests that the issue exists for those versions of WARP too.
1 Like
Hello, the problem exists, the real IP is exposed, despite meeting the installation requirements of warp +, with security certificates installed on each device, dns, Cloudflare zero trust location, etc. The real IP is exposed.
The privacy policy is also unclear (to me) about how the websites visited are not linked to a user (it says pseudoanonymised so are logged).
Do you know why this error occurs, because these check ip sites use Cloudflare cdn. Warp for all sites using Cloudflare cdn can not be hidden
For me I do not see my original IP address leaking on any of the sites above. I am using WARP version: 2022.9.582.0 (20221011.16).
We’re quite confident that future revisions of Cloudflare WARP will address and solve this topic.
The issue we initially reported (and confirmed) occurred with Cloudflare WARP for Windows Version 2022.8.857.0, dated September 12, 2022. For details, you can view the respective changelog here.
Out of curiosity, we went back to the sites listed above using Cloudlfare WARP for Windows Version 2022.9.583.0, dated October 11, 2022 (latest as of today) and, indeed, our native (origin) IPs are no longer exposed.
Before closing this topic, it would be great to let it “brew” for a while so others can share their findings and/or comments.
Thank you!
1 Like
From the first time - yes, if you refresh the page, you can see the real IP.
this site (whoer.net) always shows the real IP address, but when there were IPs from the 8...* block, it was always hidden.
Which Cloudflare WARP version are you running? And is this only happening on Windows? I cannot reproduce this on macOS or iOS with the latest WARP version.
Win10H2
I suppose it’s a Windows issue then. I’m not seeing this on Android, iOS, macOS and using the wgcf profile with WireGuard client.
I can no longer reproduce this issue, Cloudflare WARP no longer reveals my real IP as of today, with one exception.
On websites using Cloudflare that have IPv6 Compatibility turned off, Cloudflare WARP still reveals my real IP (first time it shows Cloudflare IPv4 address, but after reload it shows my own real IPv4 address).
1 Like
I’m currently on 2022.9.583.0, those websites failed to detect my real IP, some others were able to read my real IP, but only because it was leaking from WebRTC.
To solve it, I enabled: flags/#enable-webrtc-hide-local-ips-with-mdns
The most recent update of WARP solved this issue for me, WARP no longer reveals my real IP.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.