Masking the host IP address of a website with Cloudflare!

Discussion in 'Tips/Tricks/Mods' started by MarkM, Dec 20, 2020.

  1. MarkM

    MarkM New Member

    Hi! I would like to briefly show that it is possible to mask the host IP of a website with Cloudflare
    For the installation I used The Perfect Server - Debian 10 (Buster) with Apache, BIND, Dovecot, PureFTPD (+ I installed Certbot.)

    My steps are as follows:

    1. I changed the NS of my domain to Cloudflare
    2. I went to ISPC and created a website and the LEC.
    3. I changed in the DNS settings the NS as well to Cloudflare.

    4. I waited until the LEC for my site was issued and the site was running
    5. I went to Cloudflare and made the necessary DNS settings, **but NOT activated the Proxy, this I did later!**


    6. I went to the SSL settings in Cloudflare and changed the SSL to full (Full encryption with self-signed Certificate)


    7. I waited until Cloudflare recognized my LEC, (approx 10 minuted) and than I activated the Proxy (Orange color) in Cloudflare.


    I hope this helps and thank you to the developers for this great piece of software!

    ahrasis and Jesse Norell like this.
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    In short you use double dns (CF+ISPC), use self-signed certificates then proxy in CF?
  3. MarkM

    MarkM New Member

    In short, YES! Logically you have to change as well the NS of your Domain Provider to Cloudflare.
    In addition, I made some security modification in .htaccess, in order to have the site as secure as possible. But this is not mandatory for Cloudflare!

    <IfModule mod_headers.c>
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

    # Extra Security Headers
    <IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header always append X-Frame-Options SAMEORIGIN
    Header set X-Content-Type-Options nosniff
    Header set Referrer-Policy "no-referrer"

    You can check this here:

    I forgot to show, that the Proxy really works:

    Last edited: Dec 20, 2020
    ahrasis likes this.

Share This Page