Let's Uncover Cloudflare
First of all, let us discuss what services Cloudflare provides to its customers. Below is the overview of Cloudflare given on their website.

 

“CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.”

The above lines describe some significant services that Cloudflare provides to its users. Cloudflare automatically performs a browser integrity check on all requests to a website by evaluating the HTTP headers for threat signatures; if a threat signature is found, the request is denied. The user can set the desired security setting for the site, and Cloudflare's network then stops threats before they reach the website. It also provides DDoS protection, among other services.

What this means is that Cloudflare can become a pain in the ass when penetration testing a website. On top of that, if Cloudflare is successfully proxying the web server's real IP, it closes off the attack surface for a network pentest too.

So to bypass Cloudflare we can use some tricks, which actually work because of misconfigurations made by the website's admin.

In the next part we will discuss our first way to bypass Cloudflare security.

Advantages of using Cloudflare

  • It hides your web host's original IP address so that a hacker may not be able to attack the server.
  • It caches some (or all) of your site's resources so that the site loads quicker and the actual server does less work.
  • It gives you the ability to block all DDoS attacks by changing the site's security.
  • If your site goes down, Cloudflare will continue serving cached data until your site comes back up.
  • If your domain registrar doesn't provide an option to add DNS records, you can use Cloudflare's (CF) nameservers and add the host's DNS records there.
  • Cloudflare's base offering is free of cost and allows you to add multiple domains.
  • You can block access to your site for certain regions or countries if you are receiving many attacks from particular countries.
  • It gives you free SSL, which you can use on a shared host as well.

Disadvantages of using Cloudflare

  • As Cloudflare acts as a man-in-the-middle, if Cloudflare goes down, your site will also go down, even if your web hosting is up.
  • Cloudflare allows you to change the security of the website to “I am under attack” mode, which blocks all DDoS attempts. But it also blocks all robots, which is a minus for some people.
  • Sometimes Cloudflare acts weird, for example it sometimes disallows access to the site, but this happens once in a blue moon.
