My host's load-balancer doesn't apply a firewall for CF's IP range. Is this a problem?

My host’s current load-balancer does not apply a firewall; it’s open via 443. So if users hit the domain at its IP it’s seen, but unsecure as the SSL doesn’t match.

I wonder if this is a problem, outside of IP discovery?

(I am talking to host to allow CF’s IPs only, and sort me right.)

I know this could be DDoS’d and hard with a fixed IP and being discovered, but beyond that any security issues with this available? So if I go to an IP like https://10.20.20.20/ it won’t affect users on https://securesite.com/, though it’s the same server?

I think the primary concern here would be that traffic can bypass Cloudflare and go straight to your server. That may or may not be a problem for you.

The fact that your site is accessible through this other address doesn’t affect your end users. They would enjoy the benefits you get from Cloudflare when visiting your main address. Problems like the validity of the certificate when someone comes in through another address don’t affect them.

The only theoretical problem (I’m trying hard here) I can see is if this other way in would be indexed by say Google. Then you have an actual end user impact (that can be solved with an HTTP redirect to your main address when your server sees an unexpected hostname).
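Added example, not part of the original posts: one way to check whether traffic is actually bypassing Cloudflare is to scan the load-balancer's access log for connections whose peer address is outside Cloudflare's ranges, or whose Host header is not the expected hostname. The log format, the function names and the sample lines are assumptions made for this sketch, and the range list is only a subset of what Cloudflare publishes at https://www.cloudflare.com/ips/.

```python
import ipaddress

# Illustrative subset of Cloudflare's published ranges; in real use load the
# current list from https://www.cloudflare.com/ips/ instead of hard-coding it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
    "172.64.0.0/13", "162.158.0.0/15", "2606:4700::/32",
)]
EXPECTED_HOSTS = {"securesite.com"}  # hostname used in the thread

# Constructed sample in an assumed "<peer-ip> <host-header> <request>" format.
# The peer must be the address seen at the load balancer, not a forwarded header.
SAMPLE_LOG = """\
172.68.10.5 securesite.com GET /
198.51.100.7 10.20.20.20 GET /
203.0.113.9 securesite.com GET /login
162.158.90.1 10.20.20.20 GET /
not-an-ip securesite.com GET /
"""

def via_cloudflare(peer):
    """True if the connecting address falls inside a listed Cloudflare range."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # unparsable peer address: never treat it as Cloudflare
    return any(addr in net for net in CLOUDFLARE_NETS)

def classify(line):
    """Return 'ok', 'bypass', 'unexpected-host' or 'malformed' for one log line."""
    parts = line.split()
    if len(parts) < 2:
        return "malformed"
    peer, host = parts[0], parts[1].lower()
    if not via_cloudflare(peer):
        return "bypass"            # reached the origin without going through Cloudflare
    if host not in EXPECTED_HOSTS:
        return "unexpected-host"   # came via Cloudflare but for another name or the bare IP
    return "ok"

def scan(log_text):
    """Return (line_number, verdict) for every line that is not 'ok'."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        verdict = classify(line)
        if verdict != "ok":
            findings.append((number, verdict))
    return findings

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Once the host restricts port 443 to Cloudflare's ranges, a scan like this should report no `bypass` lines.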

That was actually along the lines of what I was thinking “worst-case”; potential fear of users all going in unsecure but only if the IP is used (and shouldn’t be).

I guess my host was anticipating to handle attacks and didn’t include a firewall with their managed load-balancers. For now it just means I don’t run CF at its fullest abilities.

If there’s no other fear we’re good. Appreciate that from another mind! 🙂
