New on LowEndTalk? Please Register and read our Community Rules.
Censys.io ip leaking
TheWalkingZ
Member
in Help
So I'm using Cloudflare and nginx load balancers, and for some reason censys.io is leaking all the origin IPs behind it. I'm using CentOS and Cloudflare backend certs. Should I set up some kind of firewall rules, or is there some hole which I need to look into?
Comments
Make sure that your VPS/Dedi IP is not redirecting to your website or loading your website's SSL certificate.
You can also configure your firewall to only accept ports 80 and 443 from Cloudflare IPs.
Could you please explain this one a bit further. I'm very curious about it.
Type in your browser: https://your-dedi-IP
Is it redirected to your site?
Allow these IPs to access the site on 80 & 443, block everything else. https://www.cloudflare.com/ips/
But your origin has already leaked so you'll want to get that IP swapped for a new one.
Get a new IP and block other connections. Allow only CF.
No.
This is my configuration for proxy_pass
Iptables:
Reverse proxy settings:
Now on the backend server, I couldn't block 443 because the traffic which comes from a reverse proxy is also blocked.
So I did it like this
@TheWalkingZ
Censys caches their results. If you made any changes that you think should solve the IP leaking, wait a week or so and check their website again.
Also open https://IP (even if the response is 444) and open the certificate information to see if anything points to your domain
It's an SSL cert leak, fix your certificate and swap IPs and it'll be fine.
Yes, it does point to the domain, with an invalid certificate message. How do I remove it from there?
How do I fix the SSL cert leak, as I'm using the origin Cloudflare cert with the settings posted above?
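The allow-list advice given earlier in the thread (accept 80 and 443 only from Cloudflare, or on a backend only from the reverse proxy) can be sketched as follows. This is an added example, not configuration posted by anyone in the thread; the sample addresses are constructed documentation ranges and `gen_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables/ip6tables commands that admit
# ports 80 and 443 only from an allow-list and drop every other source.

# Constructed sample list using documentation ranges, NOT Cloudflare's real ones.
# Load balancer: use the current list from https://www.cloudflare.com/ips/
# Backend: list only the reverse proxy's own address.
SAMPLE_ALLOW='
# comments and blank lines are ignored
192.0.2.0/24
198.51.100.7
2001:db8::/32
not-a-cidr
'

OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
RE4="^(${OCTET}\.){3}${OCTET}(/(3[0-2]|[12]?[0-9]))?\$"
# Loose IPv6 shape check; ip6tables itself rejects anything still malformed.
RE6='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*(/(12[0-8]|1[01][0-9]|[1-9]?[0-9]))?$'
PORTS='-p tcp -m multiport --dports 80,443'

# gen_rules: CIDRs on stdin, firewall commands on stdout, rejects on stderr.
gen_rules() {
    accepted=0
    while IFS= read -r line; do
        line=${line%%#*}                                  # drop comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # drop whitespace
        [ -n "$line" ] || continue
        if printf '%s\n' "$line" | grep -Eq "$RE4"; then
            echo "iptables -A INPUT $PORTS -s $line -j ACCEPT"
        elif printf '%s\n' "$line" | grep -Eq "$RE6"; then
            echo "ip6tables -A INPUT $PORTS -s $line -j ACCEPT"
        else
            echo "skipping malformed entry: $line" >&2
            continue
        fi
        accepted=$((accepted + 1))
    done
    # An empty list (e.g. a failed download) must not turn into "drop everyone".
    if [ "$accepted" -eq 0 ]; then
        echo "no valid entries; refusing to emit DROP rules" >&2
        return 1
    fi
    # Both families get a final DROP so IPv6 cannot bypass an IPv4-only list.
    echo "iptables -A INPUT $PORTS -j DROP"
    echo "ip6tables -A INPUT $PORTS -j DROP"
}

printf '%s\n' "$SAMPLE_ALLOW" | gen_rules
```

The rules are appended with `-A`, so any broader ACCEPT for 80 or 443 already earlier in the INPUT chain still wins and has to be removed first.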