Cloudflare outgoing IP


#1

Hello, is there a way to know what outgoing ip-address you are going to have on your server when you are behind cloudflare?

i have clients that receive data from a script on my server, the clients make sure on their client side that they are only receiving data to their script from my server´s ip.
however if i go behind Cloudflare´s DDOS protection i need to know what outgoing ip-address i will have, is there a way to know that?


#2

Your outbound address doesn’t change, it will still be the IP address of your server.

While inbound requests to your server enter through Cloudflare, and Cloudflare proxies the connection to your server, but outbound connections from your server bypass Cloudflare completely.


#3

Are you sure about this? i have used Cloudflare some years ago and my servers outgoing ip did change


#4

Also, would that not defeat the purpose of Cloudflare if the outgoing ip was the servers actual ip-address? then ddos attackers could just find the servers actual ip and attack?


#5

When my webserver sends out email, my originating IP address shows up in the headers.

How is your script being initiated?

As for exposing my IP address, yes, it does provide an avenue for attack, though I have my firewall set up to block everything except Cloudflare. It can still be overwhelmed by a DDoS, though. If I were really concerned, I wouldn’t have my server initiate any type of connection that would give away its IP address.


#6

Yes, I’m sure. If you aren’t, think about what changes when you use Cloudflare: You change the DNS servers for your domain to Cloudflare, and Cloudflare serves new A and AAAA records to other nameservers to their servers. Their servers send connections through to your server. But nothing anywhere in this process would intercept outbound connections, those go from your server to the intended destination directly.

However you are also in control of outbound connections, you can set up a configuration such that you only connect to servers you trust allowing this server to be sacrificed if someone does want to DDoS you.


#7

When a user visits the site through Cloudflare, the response your server sends is to the connecting IP address (which in this case is/was Cloudflare) and then Cloudflare proxies that request to the user.

But a direct connection from your server to anywhere else that you initiate will not go out through Cloudflare. So as @sdayman mentioned, outgoing mail from your server for example would show your IP address.


#8

This topic was automatically closed after 14 days. New replies are no longer allowed.