Comment by olalonde
3 months ago
Like? Aside from scanning DNS records (assuming the protected IP is in there somewhere) or scanning the entire IPv4 (assuming the server responds to non CloudFlare requests), I can't think of any. And both methods are simple to protect against.
Some of it is tradecraft, but have two: SSRF bugs/features and chatty email headers.
Right. Still a far cry from "anyone can bypass CloudFlare" though.