Cloudflare avoid this mistake! 

I never saw a content about THIS here on RU-vid. Thank you very much!!!! Subscribed.

Awesome. I thought I might be the only one who knew of security trails.

Just subscribed and noticed your channel is still a small channel. Can't wait for the new content! Amazing quality.

Thx I find this very helpful. It's something I will be taking some notes on so that I can try it in my own home lab w/ a Debian VM I will spin up. I'm still a bit new to using this type of external connection but I'm trying to practice a bit before I go using it personally.

Thanks for sharing this. As for the solution, I thought setting up the "Authenticated Origin Pulls" in Cloudflare ensured requests to the origin server only come from the Cloudflare network and would be a cleaner solution instead of whitelisting IPs.

One of the least confusing videos :)

Thanks Laurence. I have been meaning to investigate this.

Thanks for making this. I always wondered about this. But was never sure how to go about blocking it or doing anything.

good stuff! made be subscribed to your channel, looking forward for more awesome content.

Thisi s interesting. Thank you for sharing.

good stuff, server side firewall (pfsesnse) create an alias 'cloudflare_IP_List_V4' then make firewall rule to allow alias 'cloudflare_IP_List_V4' and block all other.

If the attacker knows the origin IP then you're asking for trouble, you can block all the ports you like but if they're a hacker worth their salt they'll find a way around your port restrictions. The way I do it for all my clients is to set up the domain on Cloudflare before pointing it to my origin server (before installing the origin server / VPS). If you're moving an existing domain with old dns records then keep in mind that most VPS hosting companies have the option to backup a server instance, then restore that image to another instance (with a new IP obviously), which is also an option (takes me less than 10-15 minutes to do it this way).

Fantastic content - you have earned another subscriber! Thank you Laurence. I use google cloud for hosting. I have followed your approach and specified the cloudflare IP addresses to be allowed through the Google Cloud Network firewall. Hopefully this is better than updating the firewall rules within the Ubuntu instance in my case. Do the cloudflare address ranges change over time?

Great info

Hmm, this seems to assume the DNS before CloudFlare leaked the IP. By by then, even if you move to CloudFlare, the past IP may be leaked. You have to literally move to a new address

Thank you for sharing. Lol subscribing..

Thanks Bro !!

i do basically the same but on vps provider firewall. Only added cloudflare ips to acess 80.443

Is anyone here familiar with Windows Server (more recent iterations) would expose the private IP in this way? (and if so, how to mask it)

Would it be possible to spoof cloudflare's ip address to get to the server directly?

But that will block email traffic since Cloudflare needs to expose IPs. right?

Hi thanks for this video. Is there anyway to make these port restrictions on the CloudFlare side or only in the host?

why dont you use the Authenticated Origin Pulls?

Correct me if I’m wrong, I’m still learning. But would using Cloudflare’s tunneling (not opening any ports on my network) prevent this. When I follow your steps, I’m only seeing Cloudflare IP addresses.

Hey your audio sounds like -12 db and 720p video upscaled to 4k!

ummm i have question, then what will happen with ftp since its require real ip address (but with port 21 tho)??

Or just use your own reverseproxy

Hi sir I need your help.. I have a dynamic website hosting on AWS EC2, added to Cloud Faler recently (cloud front+ cloud flare dns proxy) . But some issues are facing, Some IPV6(not all isp ipv6 requests) requests are not allowing images to load.No problem with the IPV4 request.give me a suggestion.pls.

Thx man. Nice!