[ADuckOnQuack]

Cloudflare has guides on several different approaches for preventing access from non-cloudflare IP addresses[1], I’m pretty sure they also direct you to this information as part of the setup process for new domains. For paying customers who aren’t technical they also offer “cloudflare tunnel” which is very simple to set up [2]. It would be nice if cloudflare has automation to proactively checked and reach out to paying customers who do have their servers exposed though. [1] https://support.cloudflare.com/hc/en-us/articles/200170166-B... [2] https://www.cloudflare.com/products/tunnel/

[unknownaccount]

>It would be nice if cloudflare has automation to proactively checked and reach out to paying customers who do have their servers exposed though

I suggested this idea to them months ago and was ignored. The way I see it, they rather continue to profit off of these ignorant customers rather than upset them by alerting them to the danger they are exposed to.

[fomine3]

> continue to profit off of these ignorant customers

What you mean? Anyway they get service fee and receive traffic regardless of origin server is vulnerable to DDoS. I agree it's good to have such feature but it's neither CF's fault nor a pitfall they make. I don't find any bad faith here.

Also it works as a CDN even if origin server is exposed, unless origin server is attacked.