How To Ensure All Traffic to my origin server goes through Cloudflare First

Overview of my site: I'm making a WooCommerce store on WordPress and I host my site on SiteGround. Due to storage limitations I use a plugin to offload heavy downloadable files to S3 and serve them with CloudFront through a special subdomain I made just for this.

I've read that it's possible for hackers to find my origin IP and simply launch an attack directly on the origin server.

I'm a bit confused, as it seems there are some options to address this issue. Here are the options I understood can do the job; I don't know whether they are correct or which one is best in my case.

  1. Block access to my site from all IP Addresses other than Cloudflare IP List & my home IP, using an .htaccess file.
    I tried the following method, but my site became inaccessible.

  2. On the CF Dashboard there's a section called SSL/TLS and in it there's a subsection called "Origin Server". There are options to create an SSL certificate to install on my origin server and an option called Authenticate Origin Pulls. Can this solve the problem? I already have an SSL certificate on my site at SiteGround provided by Let's Encrypt; do I need to remove it in order to install the CF one?
    Does enabling "Authenticate Origin Pulls" do something without the CF SSL certificate?
    How is this method different from method 1?

  3. Cloudflare Tunnel. It seems like tunnels are big in CF and I'm very low on information here. I understood it's possible to create a secure tunnel from my origin server to Cloudflare, ensuring all information goes directly through the tunnel and nowhere else. How is that different from methods 1 and 2, and is it better?

Could any of these methods cause conflicts with my plugin that offloads media to the S3 bucket?
Thank you very much for your time, it is much appreciated.
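An added example (not from the original post or from Cloudflare) of what method 1 actually checks: it builds the allowlist of Cloudflare ranges plus a home IP, renders the `.htaccess` `Require ip` block from it, and shows why the `CF-Connecting-IP` header may only be trusted when the TCP peer is Cloudflare. The IP ranges and home address below are constructed documentation addresses, not Cloudflare's real ranges; the live lists are published at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Replace with the current Cloudflare lists before deploying.
CLOUDFLARE_RANGES = ["198.51.100.0/24", "2001:db8:cf::/48"]
HOME_IP = "203.0.113.7"  # constructed placeholder for "my home IP"


def build_allowlist(cloudflare_ranges, home_ip):
    """Parse the published ranges plus the admin's home IP into network objects."""
    nets = [ipaddress.ip_network(r, strict=False) for r in cloudflare_ranges]
    nets.append(ipaddress.ip_network(home_ip))  # single host becomes /32 or /128
    return nets


def is_allowed(peer_ip, allowlist):
    """True when the address the web server sees as REMOTE_ADDR is in the allowlist."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in allowlist)


def trusted_visitor_ip(peer_ip, cf_connecting_ip, allowlist):
    """Use CF-Connecting-IP only if the connection really came from Cloudflare.

    Anyone can send a CF-Connecting-IP header; it is meaningful only when the
    TCP peer is a Cloudflare edge, otherwise the peer address is the visitor.
    """
    if cf_connecting_ip and is_allowed(peer_ip, allowlist):
        return str(ipaddress.ip_address(cf_connecting_ip))
    return str(ipaddress.ip_address(peer_ip))


def render_htaccess(allowlist):
    """Emit the Apache 2.4 RequireAny block equivalent to this allowlist."""
    lines = ["<RequireAny>"]
    for net in allowlist:
        lines.append(f"    Require ip {net}")
    lines.append("</RequireAny>")
    return "\n".join(lines)


if __name__ == "__main__":
    allow = build_allowlist(CLOUDFLARE_RANGES, HOME_IP)
    print(render_htaccess(allow))
    # A request proxied by Cloudflare: peer is an edge, header names the visitor.
    print(trusted_visitor_ip("198.51.100.10", "192.0.2.55", allow))
    # A request sent straight to the origin with a forged header: header ignored.
    print(trusted_visitor_ip("192.0.2.55", "198.51.100.10", allow))
```

One caveat that often explains an "everything became inaccessible" result with this approach: if the hosting stack already rewrites the client address from `CF-Connecting-IP` (for example with `mod_remoteip`), then `Require ip` is evaluated against the visitor's real address, which is never in the Cloudflare ranges, and every proxied request is denied. In that setup the allowlist has to be applied before the rewrite, at the firewall, or replaced by Authenticated Origin Pulls, which verifies a Cloudflare client certificate instead of an IP.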

Here is a guide to securing your origin server:

  1. Guide on Authenticated Origin Pulls: Authenticated origin pull · Cloudflare SSL/TLS docs

  2. Tunnels are good because they connect out to Cloudflare and don’t require ports to be open on your host.