IP revealed, firewall set at network/router level to CloudFlare only, what happened?

Okay, I found the problem.

The Private IP given to each server in its region is not private at all, instead it’s public to droplets within your zone/region. Since the firewall on their cloud-service does not actually detect/block these connections it’s likely someone just sent my private ip a simple HTTP request and NGINX granted it.

Odd mystery but now I’m a little mad/concerned. I wouldn’t mind paying an extra couple bucks to switch services now. LOL

Solution here is to set up Ingress rules for firewall publically, and through UFW allow the private IPs or block all. Straight forward. I failed to apply UFW blocking these local connections assuming it was completely private and never checking myself…

1 Like