How to solve the problem of source IP leakage and DD attacks even when using Cloudflare CDN?

RGJ · September 14, 2024, 8:29am

You can prevent a lot of leaking by doing the following

set up a proxy server like Tinyproxy on a different VPS
set the environment variable HTTPS_PROXY and HTTP_PROXY so Discourse will use that (set them in the env section of your app.yml)
set NO_PROXY='127.0.0.1, localhost, <internal-network>'

See also Install discourse with internet access only via proxy, Configuration outbound proxy and Discourse Link previews through a proxy server? - #14 by supermathie

Also, when you’re behind CF, you can modify the firewall on your Discourse host to only allow incoming traffic from your Cloudflare IPs (and the host you access it from yourself)

Topic		Replies	Views
Only allow Cloudflare IPs for Discourse server Installation	18	3591	June 21, 2023
Discourse, Cloudflare and IP Bans Support	9	2184	December 4, 2020
Site is accessible on the IP address when not following th install guide Feature	18	1994	June 30, 2020
Preventing DDoS on a Discourse instance? Support	9	1860	March 14, 2022
Reverse proxy for Discourse \| Real IP masking Installation	14	1583	August 19, 2023

How to solve the problem of source IP leakage and DD attacks even when using Cloudflare CDN?

Related topics