Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Linux445231yAsk in the right forum instead of this place
Here, we hate cloudflare - the Giant Man In The Middle - fuck em
You better of not using cloudflare, and instead use something ethical.
@DwightSchrute if they all point to the same server then it could be possible to try to send requests to b.test.com and c.test.com via a.test.com ... if they get through or not is up to the server config. So, yes - theoretically it does put them at risk, however, if all the subdomains reside each on it's own individual server nor get proxied or served via the main domain name 'test.com' (not a "shared host" - each subdomain has it's own IP and runs on a different server essentially) then, even with a fairly default config such a situation is less likely.
lungdart5431yCloudflare likely only protects servers from external requests (As in external from trusted sources) and allow all request between services to prevent blocking API calls and the like cross domain.
If you unsecure a domain, and it's compromised, there would be no protection against an SSRF vulnerability in the compromised domain from bypassing the security measures cloudflare protects against.