Real IP revealed on websites running CF services

Can those websites that use Cloudflare’s javascript to get UA and IP data reveal my real IP if I use with WARP?

A website like this is for e.g.:

They see my real IPv4 address and the Cloudflare IPv6 address.

If this is intentional, doesnt this mean a privacy breach?

Certainly. WARP wasn’t designed to anonymize access. Only to securely tunnel your requests through the Cloudflare network.

1 Like

Thanks for quick response.
Is there any documentation how to configure Windows firewall to only allow all traffic through WARP tunnel and block everything else? I want to achieve kill-switch functionality with with WARP.

What is your current setup? are you connecting through RDP to another machine?

I use my PC with Windows 10 Pro and I dont use RDP or anything else to connect any remote device. with WARP is on and all apps using the network is able to access the Internet regardless with WARP is on or not. If you configure Win firewall, you can manually create a kill-switch to prevent network traffic outside of the WARP tunnel.

Honestly, it sounds like you are looking for a privacy solution rather than what WARP is truly for. WARP acts like a VPN, but it won’t hesitate to expose your IP address or intercept and MITM the HTTPS traffic if you enable the layer7 firewall.

For example, WARP is good when you have remote servers and you need to access them from the internet, in those scenarios you can use WARP to allow only traffic that comes from the VPN. It is similar to what you’d achieve with WireGuard but considerably easier to setup/

Thanks for clarification. That makes sense.

In below CF blog I read “1. We don’t write user-identifiable log data to disk;” in “What’s the Catch?” section.

Does this mean CF doesnt collect and retain any logs (connection log, IP address log, traffic log) mentioned in below article in “The types of logs and how they’re used” section?

  1. We don’t write user-identifiable log data to disk;

This is a callout to those vendors focused on privacy that carelessly store sensitive information on disk.

Note that they emphasize the fact that they won’t sell nor misuse it, part of WARP security is the fact that I can monitor and block the activity that occurs on our work machines, so it certainly is readable and stored by Cloudflare.
It’s a great tool but it’s not your generic VPN that hides your identity, WARP should be used for parental monitoring/blocking access to some sites or by businesses to achieve zero-trust without having the hassle of setting up wireguard or similars.
The fact that multiple people seem to be confused with how WARP truly functions makes me believe that maybe Cloudflare didn’t present WARP in the best possible way.

I agree with you in your last statement.
Thanks for quick answers. I mark topic as solved and closed.