I'm testing the security of my system. I used a Python script to bypass the Cloudflare firewall and it showed me the real IP address of my website even though everything is proxied on the Cloudflare dashboard. This is the screenshot of the situation:
This tool sends UDP protocol to the server and my website doesn't require a UDP connection. Even though I disabled every UDP request, I'm still able to get my real IP info from this script.

I’m not sure how others see this, but the way I’m reading it is that it is not bypassing the Cloudflare firewall, but rather connecting directly to your origin server.

It appears to just be looking at certificates issued to your domain and finding servers presenting those certificates. Then trying to connect to those servers directly.

This is why it’s generally recommended to restrict your origin to only accept connections from Cloudflare IPs or use Cloudflare Tunnel to limit access to your server if it does not come through Cloudflare.


Thank you, man.


