I know that Cloudflare currently offer CF-Connecting-IP and X-Forwarded-For headers to get the real IP address of the clients accessing a server proxied by Cloudflare (Orange Cloud) and I can install a module on my webserver to get these headers automatically:
What I want to know is:
If I’m hosting my website on a Cloud provider, like for example OVH, they actually offer DDoS protection, what will happen if all the IP addresses they are getting come from the Cloudflare anycast IP range? Is it possible to get Cloudflare IPs blocked by the DDoS protection of a Cloud provider?
I just see that we can configure OVH external firewall and whitelist all the Cloudflare IP range. Does it prevent their DDoS protection from blocking Cloudflare requests?
There are some cloud providers that doesn’t offer a tool to manage the external firewall, should I avoid those providers if I intend to use Cloudflare as my CDN?
If I whitelist all the IPs from Cloudflare on my cloud provider external firewall I’m actually disabling their DDoS protection and relaying only on Cloudflare’s protection. So my conclusion is that it is not possible to combine those two DDoS protection mechanisms. Am I wrong?