Comment by q3k
3 months ago
Plenty of ways to leak the original server IP address if it isn't really well hardened against that (and most aren't).
3 months ago
Plenty of ways to leak the original server IP address if it isn't really well hardened against that (and most aren't).
Like? Aside from scanning DNS records (assuming the protected IP is in there somewhere) or scanning the entire IPv4 (assuming the server responds to non CloudFlare requests), I can't think of any. And both methods are simple to protect against.
Some of it is tradecraft, but have two: SSRF bugs/features and chatty email headers.
Right. Still a far cry from "anyone can bypass CloudFlare" though.