Very easy to bypass Cloudflare by hitting the Origin IP directly (if known). I would argue that on top of using ACLs to restrict inbound connections to CF sources, a new IP should be used for the website if possible. This renders any DNS history moot. Nice write-up. https://t.co/KXR8P3IYFy