Questions tagged [cloudflare]

Cloudflare is a Content Delivery Network (CDN).

47 questions
1 vote, 0 answers

HSTS over HTTP-CDN-HTTPS chain

I'm using Cloudflare's flexible SSL: Flexible SSL: You cannot configure HTTPS support on your origin, even with a certificate that is not valid for your site. Visitors will be able to access your site over HTTPS, but connections to your origin …
niguhuzal
1 vote, 1 answer

Should a CDN service like Cloudflare protect against Brute Force Attacks, or only from DDoS?

I know that CDN services usually protect a user by hiding its original machine's IP and by screening (and banning) any attackers that send too many requests in the form of DDoS. But should a CDN service like Cloudflare protect against Brute Force…
user9303970
0 votes, 1 answer

What happens if both DoH and DoT are enabled?

If I have DNS over HTTPS and DNS over TLS activated simultaneously (router has DoT activated and smartphone browser has DoH activated, so I see on https://1.1.1.1/help DoH: yes and DoT: yes), which one is used?
iwab
0 votes, 1 answer

Cloudflare SQL injection protection

I'm testing for vulnerabilities for a specific site using sqlmap. However, the site has a Cloudflare firewall which blocks queries including for example *, ANY or OR. I sort of found a bypass while searching for people who've bypassed it. They…
nonetype
0 votes, 1 answer

My ISP seems to be intercepting my DNS requests even though my router is set to use Cloudflare

I am using an Indian ISP, one that is notorious for DNS hijacking and script injection (BSNL). I have my router set to use Cloudflare's Family DNS. But despite this, every time I attempt to access a website that I have not accessed recently, my…
ShankarG
0 votes, 0 answers

What are the benefits of using Cloudflare's DNS (not WARP) instead of ISP's DNS?

What advantages do users get, specifically, from a 'PRIVACY' point of view? Can the ISP still see and log browsing history? Can the user's location still be traceable? What's the ultimate security & privacy level one can achieve by using Cloudflare's DNS in lieu…
Seven T
0 votes, 2 answers

Can wide IPv6 adoption make technologies like ECH obsolete?

Encrypted Client Hello (ECH) encrypts the whole Client Hello and because of that ISPs won't know which website any given user intends to visit unless the website is using a dedicated IP address and the ISP has already associated the IP address with…
0 votes, 1 answer

pfsense subdomain timeout with error 522

I want to attach a valid SSL subdomain to my pfsense. I would check it (with warnings) via the pfsense's IP 192.168.11.1. I used multiple tutorials to come up with the following: Bought a domain; Set the domain's namespace to Cloudflare; Setup an…
SILENT
0 votes, 2 answers

No SSL between Cloudflare and S3 static site. A big security issue?

So I have an S3 static website. Domain, DNS and proxy are managed via Cloudflare. Cloudflare is set to communicate with browsers using SSL and it in fact enforces SSL for non-SSL requests. However, traffic between CF and S3 is HTTP only, as S3 buckets…
marko-36
0 votes, 1 answer

Cloudflare Full Strict HTTPS flow

I would like to understand Cloudflare full (strict) SSL flow. Because if a user types https://example.com it redirects to Cloudflare web servers. So how does Cloudflare decrypt HTTPS data before sending to origin host without a browser warning? How…
FariZ
0 votes, 2 answers

Is using Cloudflare, and other services that proxy your site, a security hazard?

If I understand correctly, they can see all the requests that are coming in to your server. So, all POST requests (user credentials, comments user posts, and many more) can be seen by Cloudflare (responses are protected if your site just allows…
Tomas
0 votes, 0 answers

Requests logged in Cloudflare as "XSS, HTML Injection - Body"

Rule name: XSS, HTML Injection - Body. Rule: 100096BHTML. Since about a week ago, requests matching this WAF rule have strongly increased on a customer's website. This is an example graph showing only the number of those flagged requests over 24…
hey
0 votes, 1 answer

CentOS payload injection attempts?

My PHP logs have been flooding with seemingly random attempts to access scripts and software which aren't installed on my server. At first, all the attempts came from a single IP. I was using Cloudflare, so I was able to block the IP address. I…
0 votes, 1 answer

SSL to web server from Cloudflare

Hey, I have Cloudflare protecting my website. I had a Let's Encrypt SSL certificate encrypting it before. If I send a request and it passes through Cloudflare, when it gets to my web server will it be secured by the Let's Encrypt SSL certificate?
coolio85
0 votes, 1 answer

Cloudflare cipher selection based on AES-NI support

How does Cloudflare select AES ciphers on devices with AES acceleration and ChaCha on devices without it?
user3448600