  1. The user's origin server IP has been exposed.
  2. The user has enabled the Authenticated Origin Pulls service and is using Cloudflare's shared certificate for mTLS (mutual TLS).

Meeting both of these conditions at the same time is difficult, so the majority of users do not need to worry about this scenario.


First, avoiding exposure of the origin server IP is a crucial principle of cybersecurity awareness. An exposed origin server IP puts users in a high-risk environment in which attackers can potentially launch attacks at will. Second, for users with specific security requirements, the team recommends considering the following security enhancements:

  1. Validate the SNI value at the origin during the SSL handshake.
  2. Use Authenticated Origin Pulls with a custom certificate (not the default Cloudflare certificate).
  3. Use Transform Rules to add a request header to requests sent to the origin.
  4. Rotate the origin IP addresses.
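
As an added illustration (not configuration from the original article), the first three recommendations could look like this on an nginx origin. The hostname, file paths, header name and secret value are placeholders; rotating the origin IP is an infrastructure change and is not shown.

```nginx
# Added example; hostname, paths, header name and secret are placeholders.

# (1) SNI validation: this catch-all server receives every TLS handshake
# whose SNI does not match an expected hostname, including direct-to-IP
# connections that send no SNI, and refuses the handshake outright.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;          # requires nginx 1.19.4 or later
}

server {
    listen 443 ssl;
    server_name www.example.com;      # placeholder: the proxied hostname

    ssl_certificate     /etc/nginx/tls/origin.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/origin.key;

    # (2) Authenticated Origin Pulls.
    # Weak setting: trusting Cloudflare's shared CA only proves that the
    # request came through Cloudflare, not that it came through this zone.
    # ssl_client_certificate /etc/nginx/tls/cloudflare-shared-ca.pem;

    # Corrected setting: trust only the CA that issued the custom client
    # certificate uploaded for this zone.
    ssl_client_certificate /etc/nginx/tls/custom-aop-ca.pem;
    ssl_verify_client on;             # handshake must present a valid cert

    # (3) Header added by a Transform Rule at the edge. X-Origin-Auth is an
    # assumed name; the value should be a long random string kept secret.
    if ($http_x_origin_auth != "REPLACE_WITH_RANDOM_SECRET") {
        return 403;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;   # placeholder application upstream
    }
}
```

The three checks are independent of one another, so a request has to pass the SNI match, the client-certificate verification and the header comparison before it reaches the application.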


The Omni Intelligent Services technical team emphasizes that cybersecurity issues are constantly evolving, and information security defense mechanisms are just one aspect of protecting enterprises. The key challenge lies in elevating cybersecurity awareness. The team is committed to providing clients with the latest knowledge in information security and offering state-of-the-art information security technologies to ensure the safety of enterprise information. The team is always ready to respond swiftly and address clients' concerns. If you would like to delve deeper into this topic, please feel free to contact us.