0

SCENARIO:

webapp X use clodufront distributions to serve its content. It's possible to contact directly the origin server and get the content with the following steps:

  1. modify /etc/hosts to add <ORIGIN SERVER IP> <WEBAPP URL>
  2. intercept the request to <ORIGIN SERVER IP>
  3. change from https to http
  4. modify Host substituting <ORIGIN SERVER IP> with <WEB APP URL>

If I reach the server in the described way the server response doesn't send the header Via: cloudfront... so I guess I'm talking directly to the origin server.

Is this behavior correct or should be addressed?

Maicake
  • 497
  • 1
  • 3
  • 13
  • 1
    similar to https://security.stackexchange.com/questions/225428/does-cloudflare-masking-my-ip-make-my-server-more-secure – mti2935 Dec 09 '20 at 13:28
  • 3
    Is CloudFront meant to be a security control, or just a CDN? If the developer of the webapp meant to use it as a security control (for example integrating AWS Web Application Firewall), then such a misconfiguration can be considered a weakness, but not necessarily a vulnerability. – reed Dec 09 '20 at 14:20

0 Answers0