Hacker News new | ask | show | jobs
by olalonde 217 days ago
Like? Aside from scanning DNS records (assuming the protected IP is in there somewhere) or scanning the entire IPv4 (assuming the server responds to non CloudFlare requests), I can't think of any. And both methods are simple to protect against.
1 comments
q3k 216 days ago
Some of it is tradecraft, but have two: SSRF bugs/features and chatty email headers.
link
olalonde 216 days ago
Right. Still a far cry from "anyone can bypass CloudFlare" though.
link