Hiding the origin on cloudflare


While researching Cloudflare and best practices to use to protect my server I ran into an article by Cloudflare about protecting the origin IP (the IP where the website is actually being ran from) because you would be able to circumvent all of Cloudflares ddos protection if you had it.

What interested me was specifically this section:

Never initiate an outbound connection based on user action
If the attacker can get your web server to connect to an arbitrary address, they will reveal your origin IP. Features like “upload from URL” that allow the user to upload a photo from a given URL should be configured so that the server doing the download is not the website origin server. This is important because if an attacker can choose the URL entered, they can set up a web site specifically to monitor who connects to it, or use a public service that monitors the IPs that contact unique URLs.

I have tested this and indeed it does appear to get the origin IP from the server when uploading a remote image, so my question is what if anything can I do to stop that?


it gets IP because the image is parsed, you’d have to set up a proxy on the back end

(Rafael dos Santos Silva) #3

Related topics:

(Jeff Atwood) #4