Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Linux434903yAsk in the right forum instead of this place
Here, we hate cloudflare - the Giant Man In The Middle - fuck em
You better of not using cloudflare, and instead use something ethical. -
@Linux okay just thought itd be fun to talk here instead of forums, forums are boring as fuck
-
@theKarlisK Thanks, yeah they all have their own vms aka not the same ip nor os. so I guess it should be fine then
-
Cloudflare likely only protects servers from external requests (As in external from trusted sources) and allow all request between services to prevent blocking API calls and the like cross domain.
If you unsecure a domain, and it's compromised, there would be no protection against an SSRF vulnerability in the compromised domain from bypassing the security measures cloudflare protects against.
Related Rants
Hey. I'm still very new to CloudFlare and I have a question.
Let's say that I have 4 sub domains: a.test.com, b.test.com, c.test.com, d.test.com. They're all under the same domain (test.com).
I have a page rule setup specifically for a.test.com, where "Disable security" is set to On. I did this as a temporary solution so that I can figure out the problems that a.test.com has when the security is enabled (had users complaints regarding not being able to send requests with CF security On), so that it is still accessible while I try to fix it..
By turning disabling security for a.test.com, do I put others (b, c, d) at risk? I had someone telling me that it is possible for attackers to make use of a.test.con (unprotected by CF) in order to attack the other sub-domains. "a.test.com has no protection so attackers can use it to send requests to other secured subdomains, cross-site attack" or something along that line.
I don't get this. I thought page rule is supposed to be active only for the domain where it's being set up and the rest will still be secured, and that if attacker manages to attack the other subdomain its due to the others not having secure applications inside of it.
Dunno if that person was telling the truth or tried to mess around with me with their joke!
Thanks!
question
security
cloudflare