Security-related query on Cloudflare Workers

Hi there,

I was wondering if someone can use Cloudflare workers to write a script that can be used to directly access my origin server bypassing the security and performance benefits offered by Cloudflare, assuming I’ve whitelisted Cloudflare IP ranges on my origin server for inbound connections.

Of course, under the following assumptions:

  • IP address of the origin server is known to an attacker.
  • Cloudflare IP public IP ranges include IPs that overlap with Cloudflare workers machine IPs.


Your server shouldn’t respond to requests to the wrong hostname, and Cloudflare won’t let other users set a different hostname in the request header.


This topic was automatically closed after 30 days. New replies are no longer allowed.