Hello Cloudflare Community!
I’ve encountered an intriguing and troubling situation related to my website that uses Cloudflare for DNS proxy. I recently noticed that requests from a different domain (whose DNS is hosted on Cloudflare) appear to be aliasing my website. By aliasing I mean that browsing to this other domain is identical in every way to browsing to my domain, as I can see the requests in both my Nginx logs as well as my application server logs.
What’s puzzling is that my Nginx configuration explicitly uses the server_name directive for my domain in the server{} clause and has a proper 301 redirect from HTTP to HTTPS. Additionally, my SSL setup uses the ssl_client_certificate from Cloudflare and ssl_verify_client is set to ‘on’ and I use strict SSL in my Cloudflare config. Despite these measures, it seems that this other domain is somehow able to still forward its requests to my domain.
I was able to thwart this to some extent by having nginx look for this other domain in the $http_referrer and returning a 403. However, I feel this is a weak fix as referrers can be spoofed or the domain can be changed to bypass this.
Key Questions:
- How is any of this possible with my domain only listening on 443 and using the Cloudflare client cert verification?
- Is it possible for the owner of this other domain to spoof the Host header to make it look like the requests are coming from my domain?
- Are there any other ways that this other domain could be forwarding its traffic to my domain that I might not be aware of? It appears that Cloudflare supports URL forwarding; can this be the culprit?
- What additional technical measures beyond referrer checking can I implement in my Nginx configuration to mitigate this issue and protect my website from being aliased?
- Is the owner of this other domain violating any Cloudflare policies by doing this, since they too have their DNS hosted on Cloudflare?
Thank you all for your time and assistance!
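
An added example, not part of the original post: one way to tell from the Nginx access log whether the other domain shows up in the Host header of the requests or only in the Referer, which is the distinction the questions above turn on. The log format (using `$http_host` for the raw Host header), `example.com` and `alias.example` are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed log_format (not from the post):
#   '$remote_addr [$time_local] "$http_host" "$request" $status "$http_referer"'
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \[(?P<time>[^\]]+)\] "(?P<host>[^"]*)" '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) "(?P<referer>[^"]*)"$'
)

# Constructed sample lines; example.com stands in for the site's own domain.
SAMPLE_LOG = """\
203.0.113.10 [10/May/2024:10:00:01 +0000] "example.com" "GET / HTTP/1.1" 200 "-"
203.0.113.11 [10/May/2024:10:00:02 +0000] "alias.example" "GET / HTTP/1.1" 200 "-"
203.0.113.11 [10/May/2024:10:00:03 +0000] "alias.example" "GET /app.js HTTP/1.1" 200 "https://alias.example/"
203.0.113.12 [10/May/2024:10:00:04 +0000] "EXAMPLE.com" "GET /login HTTP/1.1" 200 "https://example.com/"
203.0.113.13 [10/May/2024:10:00:05 +0000] "example.com" "GET /img.png HTTP/1.1" 200 "https://alias.example/"
not a log line
"""

def classify(log_text, expected_hosts):
    """Tally how a foreign domain appears: in the Host header, or in the Referer only."""
    expected = {h.lower() for h in expected_hosts}
    foreign_hosts = Counter()   # Host header names a domain this server does not serve
    referer_only = Counter()    # Host is ours, but the Referer points at another domain
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1       # keep count so format drift is noticed, not hidden
            continue
        host = m["host"].lower().split(":")[0]   # normalise case, drop optional :port
        if host not in expected:
            foreign_hosts[host] += 1
            continue
        ref = re.match(r"https?://([^/:]+)", m["referer"])
        if ref and ref.group(1).lower() not in expected:
            referer_only[ref.group(1).lower()] += 1
    return foreign_hosts, referer_only, unparsed

if __name__ == "__main__":
    hosts, referers, bad = classify(SAMPLE_LOG, {"example.com"})
    print("foreign Host headers:", dict(hosts))
    print("foreign Referer only:", dict(referers))
    print("unparsed lines:", bad)
```
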