Hi,
I am using Cloudflare Pro plan for my website with rules to block the coutries, and it is open to some specific IP address and locations only.
But problem is:
If someone knows the IP address of my host server, he/she can access my website by adding an entry in local etc/host files, where this WAF rule of Cloudflare doesn’t work .It completely bypasses the Cloudflare.
Kindly suggest what can be done to restrict this also.
You can start by setting up Authenticated Origin Pull (Authenticated Origin Pulls (mTLS) · Cloudflare SSL/TLS docs), but this only stops your server from answering requests that bypass Cloudflare.
If you don’t want any such requests to happen in the first place, you need to get a new ip address for your server and keep it secret.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.