Lets say I have a service running on IP: XX.YY.ZZ
If I use Cloudflare reverse proxy to XX.YY.ZZ, everything is fine because Cloudflare will only send safe requests to XX.YY.ZZ.
But what if someone somehow finds my service IP somehow? Won’t my service be vulnerable to attacks?
Do companies usually install Cloudflare and also an in-machine WAF too? Thanks.