New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Very weird behavior of Cloudflare Warp
Same ip (104.28.219.140
), different warp=
status.
Do you know the reason?
# curl -4 -i https://lowendtalk.com/cdn-cgi/trace
HTTP/2 200
server: cloudflare
h=lowendtalk.com
ip=104.28.219.140
visit_scheme=https
uag=curl/7.68.0
colo=AMS
sliver=010-tier1
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=on
gateway=off
rbi=off
kex=X25519
# curl -4 -i https://gitlab.com/cdn-cgi/trace
HTTP/2 200
server: cloudflare
h=gitlab.com
ip=104.28.219.140
visit_scheme=https
uag=curl/7.68.0
colo=AMS
sliver=010-tier1
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519
More
# dig +short lowendtalk.com
172.67.68.9
# curl -4 -i https://lowendtalk.com/cdn-cgi/trace --resolve lowendtalk.com:443:172.67.68.9
HTTP/2 200
server: cloudflare
h=lowendtalk.com
ip=104.28.219.140
visit_scheme=https
uag=curl/7.68.0
colo=AMS
sliver=010-tier1
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=on
gateway=off
rbi=off
kex=X25519
# curl -4 -i https://gitlab.com/cdn-cgi/trace --resolve gitlab.com:443:172.67.68.9
HTTP/2 200
server: cloudflare
h=gitlab.com
ip=104.28.219.140
visit_scheme=https
uag=curl/7.68.0
colo=AMS
sliver=010-tier1
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=on
gateway=off
rbi=off
kex=X25519
# curl -4 -i https://lowendtalk.com/cdn-cgi/trace --resolve lowendtalk.com:443:172.65.251.78
HTTP/2 200
server: cloudflare
h=lowendtalk.com
ip=104.28.219.140
visit_scheme=https
uag=curl/7.68.0
colo=AMS
sliver=010-tier1
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519
So what's this IP 172.65.251.78
?
Comments
That seems to be one of the Cloudflare Proxy servers.
Since when you enable proxying (Cloud icon for A/CNAME record) in Cloudflare dashboard, you don't access the lowendtalk.com server directly but a Cloudflare proxy which in turn accesses the real server IP.
Many people use Cloudflare DNS for hiding their hosting provider IP, also you get caching benefits plus faster access trough the proxy, since Cloudflare has a lot of POPs in multiple datacenters all around the world.
Take a look at this:
https://www.cloudflare.com/network/
By using the proxy method you also gain a free SSL certificate and don't need to worry about renewing it, since CF does that for you. Bear in mind tough that connection is secure between you and CF but most probably not secure between CF and your server.
Read more about the proxy feature here:
https://developers.cloudflare.com/dns/manage-dns-records/reference/proxied-dns-records/
Hope it helps !
All of those IPs are in the cloudflare ip ranges, all these requests should return same warp status (
warp=on
), but the A and AAAA ofgitlab.com
are very special.what does "sliver=010-tier1" mean?
i also see on few sites as "sliver=none"
Request splitting
https://github.com/fawazahmed0/cloudflare-trace-api#return-format
It refers to data centers Cloudflare uses for progressive rollouts of software updates 🙂