
Ask HN: Are IP addresses behind Cloudflare really hidden? - cfqss
If I host a site behind Cloudflare, when I check the dns records, they point to IP addresses owned by Cloudflare i.e not where the servers are hosted.<p>Since Cloudflare is just a reverse proxy, an attacker could ddos my site if he knows my real IP. Is this something to be worried about or is my IP safe?
======
zlagen
Yes, any attacker can search for your site's DNS history and try to find the
real ip there. For example you can get the history for some sites using this
service: [https://www.netcraft.com/](https://www.netcraft.com/)

The good thing is that there's a real fix for this and is to configure your
server's firewall to only accept requests from Cloudfare's ips.

~~~
cypherg
^^this. There are a few other tricks to reveal the old/true IP, but adding CF
slows many/most DDoS attacks depending how it's configured.

------
MulliMulli
Move your server to a new IP, block all ports and only allow Cloudflare to
access your server. When I ping my server it only shows Cloudflares ip:
[https://ip-guide.com/info/104.24.127.250](https://ip-
guide.com/info/104.24.127.250)

------
riffic
Do you send any email? Your application can be revealing its IP address in
your mail headers.

