Hide site's real IP address like Cloudflare does?

I have multiple sites hosted on an Azure VM. So all the domains are pointing to a single IP of that vm.

When someone reverse whois my IP address, he/she could be able to find all the related domains and hosted sites on my VM.

I found cloudflare protects their users by masking the real ip.

So how can I prevent this using any Azure technology or service?

Azure front door? Please help.


Solution 1:

Site you've mentioned in your comments doesn't actually lists real reverse DNS records. I've checked the RR of mentioned IP and it doesn't have any records. This website actually maintains it's own records with direct IPs of the websites and then just does matching lookup. I.e. they have to know your domain first, look up it's IP, record it. Once it find more sites on the same IP it can show them like this. It's not like some sort of standard. They have to literally lookup "every domain on the Internet" to make such database.

If you need to avoid this, you have few ways around:

  1. Get/order additional dedicated IPs for every domain hosted. This costs a little but it's the only real way to split your domains/sites on different IPs.
  2. Services like CloudFlare are actually acting like reverse proxies. They set up real DNS direct records to point to their IPs. When someone accesses these, they will proxy your traffic to your real IP. Thus effectively "hiding" your IP behind theirs. CloudFlare only works with HTTP/HTTPS proxy. But it offers this feature even on free plan. Some other similar service providers are available for this but discussing them are out of scope of this website.
  3. You can set up your own proxy/load balancer same they like public services does. Some software like HAProxy can do this. But you'll still face the fact that now you will expose your proxy IP instead and if you have only one IP for your proxy this won't make much different in terms on hiding how your domains are related to each other. But it's used sometimes either for load balancing, fail over connections and/or hiding backend webservers IPs behind proxy for security reasons.

As you've mentioned you want to hide which sites you host on your IP you can go around number 1 or 2 mentioned above.

EDIT: One more thing to think of. As you've already "exposed" your domains by linking them on same IP there is no way to tell if such databases as you've mentioned will delete their current records. They can still keep an old records. If you really need to avoid this, you have to setup things like reverse proxy or dedicated IPs from the beginning. But most of such website will update their databases once you'll change your IPs to reverse proxy or dedicated. But this might take months because as I've said before they are literally keeping records of every domain (having a working website probably) of the Internet they might have set a slow update rates.