Bypass CF security

Hello community, today I made a video where I show how with the TOR browser I can violate the security of CloudFlare. Specifically, I’m talking about the security that the CF Firewall supposedly provides. This must be observed and corrected. Security, such as the blocking of countries or the TOR network, must be improved. Well, without more to say, I attach the video. Thank you very much in advance. Best regards.

Post Data: once it has been corrected, if it should be corrected, please let me know so I delete the video. Thank you. :orange:

:wave: @Nuit,

The list of IPs in Tor is a changing entity. It is possible that there will be differences between the complete Tor network in use and the lists maintained to identify nodes.

-OG

1 Like

Thank you. Then CF can not efficiently block the tor network? What is the FW rule for if it can not be met? I thank you again. Best regards.

:wave: @nuit,

100% on a dynamically changing set of nodes? No.

If you think you have a better source for the current list of Tor nodes I suppose you could use it in conjunction with a worker script to block requests instead… but otherwise while not 100% it is still very effective from my experience.

-OG

1 Like

So I think you should fix this article:

:+1:

:wave: @nuit,

Like country IP blocks are not 100% because there is no 100% reliable source to determine where/how networks are allocated. If that article were to be updated, what should be changed?

-OG

2 Likes