>and only the legitimate administrator needs to know the true IP address for ssh
Again this is a blanket statement. I recently integrated with a service that required sftp access to function. Is this ideal? No, but if I could recreate the service efficiently I wouldn't be paying for it in the first place.
This and the websockets scenario were just two examples I can come up with from personal experience, I'm sure there are many other situations that I've never come across.
My point is that the above commenter was acting like cloudflare is a panacea for DDOS attacks.
>"A properly configured CF setup will mean your real server IP never gets revealed ever."
This makes it sound like only engineers who are inept with cloudflare are vulnerable to origin ip leaks which simply isn't true.
> Plenty of websites can be perfectly hidden behind CloudFlare as long as they don't have an MX record or unused subdomain that points to the same server.
Again this is a blanket statement. I recently integrated with a service that required sftp access to function. Is this ideal? No, but if I could recreate the service efficiently I wouldn't be paying for it in the first place.
This and the websockets scenario were just two examples I can come up with from personal experience, I'm sure there are many other situations that I've never come across.
My point is that the above commenter was acting like cloudflare is a panacea for DDOS attacks.
>"A properly configured CF setup will mean your real server IP never gets revealed ever."
This makes it sound like only engineers who are inept with cloudflare are vulnerable to origin ip leaks which simply isn't true.
> Plenty of websites can be perfectly hidden behind CloudFlare as long as they don't have an MX record or unused subdomain that points to the same server.
I agree with you here 100%.