Y
Hacker News
new
|
ask
|
show
|
jobs
by
q3k
209 days ago
Plenty of ways to leak the original server IP address if it isn't really well hardened against that (and most aren't).
1 comments
olalonde
208 days ago
Like? Aside from scanning DNS records (assuming the protected IP is in there somewhere) or scanning the entire IPv4 (assuming the server responds to non CloudFlare requests), I can't think of any. And both methods are simple to protect against.
link
q3k
208 days ago
Some of it is tradecraft, but have two: SSRF bugs/features and chatty email headers.
link
olalonde
207 days ago
Right. Still a far cry from "anyone can bypass CloudFlare" though.
link