How to protect origin server?

Sato asked:

I have an AWS EC2 as origin web server, and cloudflare in front of it. And I cached all static files in Cloudflare, but still there are many static files access logs in log files.

Is it possible to find out origin behind CloudFlare?

 CloudFlare  (cname => AWS ELB, => )
=> ELB  (:80 => origin-ip:8080)
=> Origin server (:8080)

Normally, how much would people know about my web server?

My answer:

The IP address that accessed your site is passed in CloudFlare’s own CF-Connecting-IP header. You should always use this instead of X-Forwarded-For, as that can be supplied by the user and contain untrustworthy information.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.