How to restrict host to allow connections only from Cloudflare Teams

Hi there, if I understood correctly, if I leave an “unsecure - w/o password” service under the protection of Cloudflare Teams/Access and suddenly expose my server IP address, any smart hacker can hack me by simulating HTTP requests to the host directly and spoofing the HOST header?

Any site behind Cloudflare should have a local firewall that blocks any request not coming from the following:


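One way to build the local firewall described in the answer above, as an added example that is not part of the original thread: it validates a list of proxy ranges and renders an nftables ruleset that accepts web ports only from those ranges. The ranges are constructed placeholders from the documentation blocks, and the table name `cf_origin`, the set names and the function names are assumptions; substitute the ranges Cloudflare publishes.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation blocks).
# Assumption: replace with the ranges Cloudflare currently publishes.
SAMPLE_RANGES = """
192.0.2.0/24
198.51.100.0/24   # trailing comments are ignored
2001:db8::/32
"""

def parse_ranges(text):
    """Return (v4, v6) lists of validated, merged networks."""
    v4, v6 = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # strict=True raises ValueError on malformed CIDRs or set host bits
        net = ipaddress.ip_network(line, strict=True)
        (v4 if net.version == 4 else v6).append(net)
    # nftables interval sets reject overlapping elements, so merge them first
    return (list(ipaddress.collapse_addresses(v4)),
            list(ipaddress.collapse_addresses(v6)))

def is_allowed(addr, v4, v6):
    """True if addr falls inside the allowlist (useful for auditing access logs)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in (v4 if ip.version == 4 else v6))

def render_nft(v4, v6, ports=(80, 443)):
    """Render an nftables table (hypothetical name cf_origin) for `nft -f`."""
    if not v4 and not v6:
        raise ValueError("empty allowlist would drop all web traffic")
    dport = "tcp dport { " + ", ".join(map(str, ports)) + " }"
    out = ["table inet cf_origin {"]
    for name, typ, nets in (("cf_v4", "ipv4_addr", v4), ("cf_v6", "ipv6_addr", v6)):
        if nets:
            elems = ", ".join(map(str, nets))
            out += [f"  set {name} {{", f"    type {typ}", "    flags interval",
                    f"    elements = {{ {elems} }}", "  }"]
    # policy accept: only the web ports are restricted; SSH and others are untouched
    out += ["  chain input {", "    type filter hook input priority 0; policy accept;"]
    if v4:
        out.append(f"    {dport} ip saddr @cf_v4 accept")
    if v6:
        out.append(f"    {dport} ip6 saddr @cf_v6 accept")
    out += [f"    {dport} drop", "  }", "}"]
    return "\n".join(out)

if __name__ == "__main__":
    print(render_nft(*parse_ranges(SAMPLE_RANGES)))
```

Regenerate the ruleset whenever the published ranges change, and run `is_allowed` over the origin's access-log client addresses to spot requests that reached the server without passing through the proxy.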