WAF Loophole attack scenario

Lets say I have a service running on IP: XX.YY.ZZ

If I use Cloudflare reverse proxy to XX.YY.ZZ, everything is fine because Cloudflare will only send safe requests to XX.YY.ZZ.

But what if someone somehow finds my service IP somehow? Won’t my service be vulnerable to attacks?

Do companies usually install Cloudflare and also an in-machine WAF too? Thanks.

It’s a lot easier to just limit access to your service to connections from Cloudflare IPs.

1 Like

Makes sense, Thanks.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.