I am often asked if there’s any way to hide a website’s IP address with Cloudflare. It’s a pretty hot topic these days and there are more than a few reasons why someone would want to hide their server’s IP address from the public. Security is usually at the top of the list and is a reasonable concern. Protecting your e-commerce server’s front-facing IP address from the public has its benefits and is a great way to keep automated DDoS attacks down to a minimum. Protecting your domain’s origin IP is also a great way to contribute to the overall privacy of your business.
So, Can I Hide My IP?
Is it possible to completely hide your IP address? The answer is yes, but it’s complicated.
Let’s see what Cloudflare has to say on the matter:
Cloudflare is not an IP protection service and there really is no way to fully hide your IP address online. While basic lookups of a domain on CF will terminate on CF’s IPs and nameservers checking a domain, we are not an IP protection service and there are ways of locating your server IP address whether you are using CF or not.Damon (2019, March 20)
Will Cloudflare Hide My IP Online?
Don’t feel bad. There has always been a lot of confusion around this topic.
Any average Joe who’s curious about your origin server’s IP address will most likely get nothing but a pair of Cloudflare IP’s when they reverse lookup your domain name or query with dig. But we’re not really worried about the average Joe, are we? Anyone wanting to find your origin server’s real IP for something other than curiosity will likely have no problem finding it. Explaining how they can is a whole other story.
Best Way To Use Cloudflare
If you just purchased a new domain with no public historical information tied to it, you never connected that domain to any server, and you setup your domain through Cloudflare first, you have a much better chance of being able to hide your IP address from most of those savvy people. Even if you were able to secure your IP through Cloudflare like this, there are still many ways that your server could be exposing your root IP. If your server has no other services utilizing your root IP address, then you should be safe. Hire a pentester if you’re unsure.
Always remember to make sure your SSL is setup correctly and that you serve your email from a different server. If you can, change your root IP address after you’ve setup Cloudflare. Doing these things will help you keep your IP safe and make it even harder for someone to find your server’s root IP.
Even if you get everything setup perfectly, you still need to be cautious. There are hacking services available on the dark web that cost as little as $5 to find the IP address of any server. We tested this method against a handful of websites that were setup using a reverse proxy from the beginning, and these guys and gals on the dark web were still able to find five out of the ten IP addresses tested through a number of advanced hacking techniques. There are hundreds of other ways to expose your server’s root IP with or without Cloudflare.
So Do I Need Cloudflare?
Just because Cloudflare might not be able to completely hide your origin server’s IP address doesn’t mean that it can’t do a good job of partially concealing your IP address. In addition to making it harder to find your real IP and protecting you from Distributed Denial of Service (DDoS) attacks, Cloudflare does a number of other cool things absolutely free.
We Use & Recommend IP Masking
Here on the Chronic Built website, we use Cloudflare to protect our website from common Distributed Denial of Service (DDoS) attacks. Unless you have another type of service set up to protect your IP, you should signup for Cloudflare’s free protection.
On our primary servers, we run a custom security setup. If you’ve been a client of ours in the past, you may have benefited from our custom DDoS protection and WAF. We still offer our famous WAF and other custom firewall services, but we no longer offer DDoS protection.
If you need a great firewall solution, please check out what Cloudflare has to offer. If you’re looking for something custom, drop us a line.