Non-Cloudflare IP ( contacting my Origin server


I have a site which hosts a Teamspeak 3 Banner (an image that gets refreshed every minute by hundreds of people) and it’s cached for one minute with a Page Rule and my nginx config.

Now I wanted to create a forum and we noticed that we all log in from the same IP which is (Scaleway - Online S.A.S.) and that’s weird because I DO have set_real_ip_from on nginx and it worked fine.

On my DNS records I have only my web server IP which is at OVH and Cloudflare Proxy is turned on.
When you go on (lol for lele.php) you SHOULD see your IP but you see the IP:

If I block the IP on my machine directly with iptables -I INPUT -s -j DROP the site becomes completely inaccessible (it shows the Cloudflare error that the origin server is down).

If I do a set_real_ip_from; then my IP shows up at which works fine BUT I don’t want an IP to sniff my data, especially passwords in plain text now.

Well done, my site is in a MITM attack.

Here are some follow-up screenshots and info that I found from that IP:

Sorry, my mistake, it was Cloudflare’s Railgun, which is still weird that they let a different origin server contact your server.
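An added example, not part of the original post: a Python audit that lists which peers connecting to the origin fall outside Cloudflare's IPv4 ranges, which is the check to run before adding any address to set_real_ip_from. The log layout (peer address, forwarded client address, request), the sample lines and the function names are constructed for illustration, and the range list is a snapshot that should be refreshed from https://www.cloudflare.com/ips-v4.

```python
import ipaddress
from collections import Counter

# Snapshot of Cloudflare's published IPv4 ranges (assumption: may be stale,
# refresh from https://www.cloudflare.com/ips-v4 before relying on it).
CLOUDFLARE_V4 = """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
""".split()
TRUSTED = [ipaddress.ip_network(n) for n in CLOUDFLARE_V4]

# Constructed sample: "<peer address> <forwarded client address or -> <request>".
# The peer is the TCP source seen by the origin, before any real-IP rewriting.
SAMPLE_LOG = """\
172.68.10.5 203.0.113.20 "GET /banner.png"
198.51.100.7 203.0.113.21 "POST /forum/login"
198.51.100.7 203.0.113.22 "POST /forum/login"
104.16.1.1 - "GET /banner.png"
not-an-ip 203.0.113.23 "GET /"
"""

def is_trusted(peer):
    """True if the peer address lies inside one of the trusted proxy ranges."""
    return any(peer in net for net in TRUSTED)

def audit(log_text):
    """Count requests per untrusted peer; collect lines that cannot be parsed."""
    untrusted, malformed = Counter(), []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        try:
            peer = ipaddress.ip_address(parts[0])
        except (IndexError, ValueError):
            malformed.append(line)
            continue
        if not is_trusted(peer):
            # A forwarded-client header from this peer must not be believed
            # unless the peer is a proxy you deliberately put in the path.
            untrusted[str(peer)] += 1
    return dict(untrusted), malformed

if __name__ == "__main__":
    peers, bad = audit(SAMPLE_LOG)
    for peer, count in sorted(peers.items()):
        print(f"{peer}: {count} request(s) from outside the trusted ranges")
    print(f"{len(bad)} unparseable line(s)")
```

Any peer this reports is either an extra proxy you knowingly deployed or a host that can set the client address your application logs if it is trusted.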

