Why do websites based in any country have their IP in the USA when using Cloudflare? - api

I was looking at the websites of some Korean exchanges' APIs. When I did a lookup of their IP on MaxMind, it says that they're using Cloudflare with coordinates in the USA.
However, I know these sites should be around Korea because pinging them from Korea gives 1-2ms response times. Also, it would make sense that a Korean exchange would have their servers based in Korea. So how does Cloudflare work? Is my data really being routed to Cloudflare USA before being routed back to the exchange and then to the US and then back to me? If so, how am I getting such fast response times?
The website I'm looking at is api.bithumb.com

Cloudflare uses "anycast" routing, which means that all of Cloudflare's 180+ locations around the world use the same IP address. When you send packets to that IP, the packets are routed to the closest Cloudflare location to you. Cloudflare has a location in Seoul, so when you access a Cloudflare IP address from Korea, that's the location you'll almost certainly go to.
Cloudflare (usually) acts as a proxy in front of the web site's real server. Your HTTP requests go to Cloudflare first, and then are forwarded to the "origin server" from there. Sometimes, responses are served directly from Cloudflare (e.g. from cache, or from a Cloudflare Worker) without talking to the origin at all. There is no way to determine the location of the origin server without talking to the owner—part of the reason people use Cloudflare is to shield their origin server from direct access.
Note that when you ping a Cloudflare IP, your ping packets only go to Cloudflare and back; they do not go to the site's origin server. So, the ping time doesn't tell you anything about where the origin server lives.

Related

Best Way To Self-Host a Webserver and stay "Anonymous"?

I have gotten into making web pages with apache/nginx and I want to know what's the best way to have either a proxy or a VPN setup so whenever anyone points at my domain they won't get my IP so easily.
The domain should auto change the IP if it sees any changes, so that shouldn't be a problem.
I wanted to make a proxy list into a file and use it, but I haven't really found a way yet.
Any suggestions?
You can set up a reverse proxy with nginx and apache, i.e. when someone tries to access your website by typing in your domain, their web browser will query a domain name server to get the IP address associated with your domain. Their web browser will then send a request to your nginx server IP, which will then in turn send a request via reverse proxy to your apache server IP, where the physical web page files are located. The apache IP address returns the requested web page files to the nginx IP address, and nginx in turn returns the requested web page files to the client IP address.

Is it possible to add a routing without moving all my application traffic to cloudflare?

I have very little knowledge on CloudFlare.
Currently all my application traffic goes through Akamai. What I am looking for is a way to create a new DNS at CloudFlare and route specific requests through CloudFlare.
For example, if you configure the same in AWS CloudFront, you can give an alternate name for the domain and use it instead of the origin URLs and route specific traffic with specific rules.
But with CloudFlare the only way is to move all incoming traffic to CloudFlare, as it is asking to replace the name servers with CloudFlare name servers.
I am looking for a way to create a new domain name or alternate domain name (similar to CloudFront) at CloudFlare and use it to route specific requests to my Akamai URLs based on page rules.
Is it possible to achieve?
Thank you in advance.
When you onboard a zone on Cloudflare, you can onboard it in FULL mode (Cloudflare becomes the authoritative DNS, by pointing the nameservers as you mention) or in Partial/CNAME mode (you retain an external authoritative DNS and point specific subdomains to Cloudflare). This could help you in separating which traffic goes through Cloudflare and what does not.
At the time of writing, the Partial/CNAME onboarding is available on Business or Enterprise plans. Documentation is provided at this link.
Another possibility could be to direct all the traffic to Cloudflare and then use the Load Balancing capability and custom rules to route the traffic as required.

Is CloudFlare's free SSL actually secure?

I've just set up CloudFlare on my web app. The free version, since my app isn't generating any revenue right now.
Now all my traffic is routing through CloudFlare's servers, correct? And that connection is "secure" because it's under HTTPS -- Chrome even displays the green padlock.
But CloudFlare is still communicating with my server over HTTP (unsecure connection), are they not?
Doesn't that mean all my client's data is sent in the clear between CloudFlare and my server? And that makes it not really secure at all, despite what Chrome thinks?
No.
The "Flexible" option of the "Crypto / SSL (with SPDY)" setting is not secure. If you read the "Help" text it says:
There is an encrypted connection between your website visitors and CloudFlare, but not from CloudFlare to your server.
You must install an SSL certificate on your own server and then select the "Full SSL (strict)" option to be secure.
You can configure the origin for the CDN (i.e. your servers that provide the original version of the content to be distributed across the CDN) to provide data using HTTPS. With the pro version (which you are not currently using) you can also use the SPDY protocol. HTTPS communication between the CDN and your servers protects that part of the communication path.
Additionally, and optionally, you can use Authenticated Origin Pulls (also available in the free version) to ensure that the CDN and origin (you) are both who you claim to be.

In a reverse proxy implementation, are the addresses still accessible outside the reverse proxy?

My company is looking at creating a subdomain for content that's currently stored in a subfolder on the site. As an SEO this decision makes my skin crawl. Since the decision has been made to implement the subdomain (server architecture decision to move parts of the site to a cloud provider), I would like to have IT implement a reverse proxy so we don't have to 301 the whole content base to a fresh subdomain.
One of the main objections IT has is that if we implement the reverse proxy, and there are issues with content or webpage functionality, the cloud provider will point to the reverse proxy as the issue.
My question is, unless we're specifically blocking access from outside the reverse proxy server, aren't the pages still accessible directly using the subdomain, or specific server IP address?
Example:
www.Example.com/blog hosted in say our Florida datacenter
becomes
www.Example.com/blog actually pointing to blog.Example.com hosted in say an Amazon EC2 cloud
Wouldn't a user still be able to access blog.Example.com directly unless we specify that we will only allow traffic from whatever the proxy server's IP address is?
I realize leaving access open to the world would introduce additional SEO considerations, but I can manage around that.
Yes, adding a reverse proxy to the mix just adds another route in to the destination URL; it's much like how adding a 301 redirect to a page doesn't mean traffic can't get in using other means.
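
The restriction raised in the question above (the origin accepts only traffic that arrives from the proxy's address) can be sketched as follows. This is an added example, not part of the original posts; the addresses are constructed documentation-range values and the function names are hypothetical.

```python
import ipaddress

# Constructed sample value (documentation range), standing in for the proxy's address.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.10/32")]


def is_trusted_proxy(ip, trusted=TRUSTED_PROXIES):
    """True when `ip` is one of the reverse proxies we operate."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in trusted)


def admit(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Origin-side gate (hypothetical helper). Returns (allowed, client_ip).

    peer_ip is the address of the TCP connection itself, which a remote
    party cannot choose freely; headers is a dict of request headers.
    """
    # Anything that did not arrive through the proxy is refused, whatever
    # headers it carries: this closes the direct route to the origin.
    if not is_trusted_proxy(peer_ip, trusted):
        return (False, peer_ip)

    # X-Forwarded-For is only meaningful now. Each proxy appends the address
    # it saw, so read right to left and stop at the first hop that is not
    # ours; entries further left were supplied by the client.
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        try:
            if not is_trusted_proxy(hop, trusted):
                return (True, hop)
        except ValueError:
            return (False, peer_ip)  # malformed header: fail closed
    return (True, peer_ip)  # no client hop recorded
```

An application-level check like this complements a firewall or security-group rule on the origin that admits only the proxy's address.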

Google SSL security

I need to implement some search functionalities in my app and want to use Google SSL.
https://encrypted.google.com
Can the ISP still see what you are searching by analyzing the querystring? If so then what's the point of this service?
When using SSL (https), all traffic, including the query string, is encrypted. All that the ISP can see is the host address and TCP port number. If the page that you are viewing contains insecure content (http), you should be warned by your browser.