Hello and welcome to my first tutorial on Cloudflare Secuiry.
This tuturial is for those who do not know about cloudflare, if you know enought about Cloudflare and its security then you can skip this part.
First of all let us discuss what services cloudflare provides the customer. Below is the overview of cloudflare given on thier website.
"CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.
The above lines describes some significat services provided by Cloudflare to its user such as Cloudflare automatically performs a browser integrity check for all requests to website by evaluating the HTTP headers for threat signatures. If a threat signature is found, the request will be denied, User can set the desired security setting for your site and then CloudFlare’s network stops the threats before it reaches website, DDOS protection etc.
All we can understand if that Cloudflare can become a pain in the ass while penetration testing a website on the other side if Cloudflare successfully proxifying a website server real IP then it will close the Attack surface of Network Pentest too.
So to Bypass Cloudflare we can use some tricks, which actually cause because of some misconfigurations by the admin of the website.
In the Next part we will discuss our First way to bypass Cloudflare security.
Thats all for the introduction of cloudflare, see you in the next tutorial of Cloudflare Bypass.
Author : Zenodermus Javanicus
Date : 2014-02-26