Why to use authenticated origin pulls?

What is use of the authenticated origin pulls?
I thought its purpose is to keep origins location / ip more secure by blocking other than cloudflare ip ranges from requesting it.
Doesn’t the nginx still leak the origins SSL certificate with the domain names if someone tries to connect to it directly?

Authenticated origin pulls ensure that an attacker who is able to make a request from a Cloudflare IP address is not able to bypass the Cloudflare proxy. It does not generally make it more difficult for an attacker to find the IP address of the origin; it only makes it more difficult to spoof a request and bypass Cloudflare when the IP address is already known.

Yeah good point. If user has some WAF settings enabled in Cloudflare atleast it forces those or nginx returns only error response when contacted directly without letting the attacker into application logic.

This topic was automatically closed after 30 days. New replies are no longer allowed.