How Origin IPs Leak
When you use Cloudflare, visitors connect to Cloudflare's edge servers, which then forward the request to your Origin Server. Your Origin Server's true IP (e.g., 123.45.67.89) is supposed to be hidden. However, misconfigurations often leak it.
Common Leak Vectors:
- MX Records: Mail servers often reside on the same IP as the web server but cannot be proxied by Cloudflare.
- Subdomains: Developers often create dev.example.com or ftp.example.com and forget to enable the "Orange Cloud" (proxy) for them. These "Gray Cloud" records expose the real server IP.
- DNS History: If you moved to Cloudflare but didn't change your server IP, historical DNS records (available via tools like SecurityTrails) will reveal your old A record, which is still your current IP.
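
A self-audit of your own zone for the three vectors above, as an added example that is not from the original page. The record fields (type, name, content, proxied), the function name and all sample records are constructed assumptions; any IP behind a proxied record is treated as an origin IP.

```python
import ipaddress

# Constructed sample zone export; field names are an assumption of this example.
ZONE = [
    {"type": "A", "name": "example.com", "content": "123.45.67.89", "proxied": True},
    {"type": "A", "name": "www.example.com", "content": "123.45.67.89", "proxied": True},
    {"type": "A", "name": "dev.example.com", "content": "123.45.67.89", "proxied": False},
    {"type": "A", "name": "ftp.example.com", "content": "123.45.67.89", "proxied": False},
    {"type": "A", "name": "mail.example.com", "content": "123.45.67.89", "proxied": False},
    {"type": "A", "name": "status.example.com", "content": "198.51.100.7", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
]
# Constructed pre-migration A records, as a DNS-history service would list them.
HISTORY = [{"name": "example.com", "content": "123.45.67.89"}]

ADDR_TYPES = ("A", "AAAA")


def audit_zone(records, history):
    """Return sorted (vector, name, ip) findings that expose a proxied origin."""
    # Origin IPs: addresses that sit behind at least one proxied record.
    origins = {ipaddress.ip_address(r["content"]) for r in records
               if r["type"] in ADDR_TYPES and r["proxied"]}
    # Hostnames that MX records point at (these cannot be proxied).
    mx_targets = {r["content"].rstrip(".").lower()
                  for r in records if r["type"] == "MX"}
    findings = set()
    for r in records:
        if r["type"] not in ADDR_TYPES or r["proxied"]:
            continue
        ip = ipaddress.ip_address(r["content"])
        if ip in origins:  # unproxied record shares the origin's address
            name = r["name"].rstrip(".").lower()
            vector = "mx" if name in mx_targets else "gray-cloud"
            findings.add((vector, name, str(ip)))
    for h in history:
        ip = ipaddress.ip_address(h["content"])
        if ip in origins:  # old A record still equals the live origin
            findings.add(("dns-history", h["name"].lower(), str(ip)))
    return sorted(findings)


if __name__ == "__main__":
    for vector, name, ip in audit_zone(ZONE, HISTORY):
        print(f"{vector:12} {name:20} exposes {ip}")
```

A clean result means no unproxied or historical record shares an address with a proxied one; status.example.com is not flagged because its address is not an origin behind the proxy.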