Cloudflare Domains
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
In each TLD configured in Cloudflare there are some general settings and services that can be configured. In this page we are going to analyze the security related settings of each section:
TODO
TODO
If you can, enable Bot Fight Mode or Super Bot Fight Mode. If you protecting some API accessed programmatically (from a JS front end page for example). You might not be able to enable this without breaking that access.
In WAF: You can create rate limits by URL path or to verified bots (Rate limiting rules), or to block access based on IP, Cookie, referrer...). So you could block requests that doesn't come from a web page or has a cookie.
If the attack is from a verified bot, at least add a rate limit to bots.
If the attack is to a specific path, as prevention mechanism, add a rate limit in this path.
You can also whitelist IP addresses, IP ranges, countries or ASNs from the Tools in WAF.
Check if Managed rules could also help to prevent vulnerability exploitations.
In the Tools section you can block or give a challenge to specific IPs and user agents.
In DDoS you could override some rules to make them more restrictive.
Settings: Set Security Level to High and to Under Attack if you are Under Attack and that the Browser Integrity Check is enabled.
In Cloudflare Domains -> Analytics -> Security -> Check if rate limit is enabled
In Cloudflare Domains -> Security -> Events -> Check for detected malicious Events
मैंने सुरक्षा से संबंधित कोई विकल्प नहीं पाया
आपको पहले ही cloudflare workers की जांच करनी चाहिए
TODO
TODO
TODO
TODO
TODO
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)