How to solve the problem of source IP leakage and DD attacks even when using Cloudflare CDN?

RGJ · September 14, 2024, 8:29am

You can prevent a lot of leaking by doing the following

set up a proxy server like Tinyproxy on a different VPS
set the environment variable HTTPS_PROXY and HTTP_PROXY so Discourse will use that (set them in the env section of your app.yml)
set NO_PROXY='127.0.0.1, localhost, <internal-network>'

See also Install discourse with internet access only via proxy, Configuration outbound proxy and Discourse Link previews through a proxy server? - #14 by supermathie

Also, when you’re behind CF, you can modify the firewall on your Discourse host to only allow incoming traffic from your Cloudflare IPs (and the host you access it from yourself)

Topic		Replies	Views
Preventing DDoS on a Discourse instance? Support	9	1926	March 14, 2022
How to protect a server's IP from being exposed? Installation	3	1547	May 28, 2023
Hiding the origin on cloudflare Support	3	1356	August 12, 2018
Mailgun leaking server's real IP behind Cloudflare Support	23	6918	September 27, 2022
Query regarding adding Cloudflare Installation	6	907	April 4, 2020

How to solve the problem of source IP leakage and DD attacks even when using Cloudflare CDN?

Related topics