amuhc
January 11, 2021, 8:13pm
1
Problem:
Any user sets nginx to proxy all requests to my domain AAA.com, hidden under Cloudflare, from their domain BBB.com
Cloudflare sends the request to my server, and the server answers with 200
BBB.com domain steals my content
I can deny all requests except those from Cloudflare servers, but it will not help. Is there any solution to disable proxying through Cloudflare? Now I ban such servers by IP, but they can avoid bans by changing IPs, for example.
M4rt1n
January 11, 2021, 8:52pm
2
In the end they can (even if you protect your site) work around your protections.
What you could try is:
1. https://www.cloudflare.com/abuse/form (if the user uses Cloudflare)
2. set up Content-Security-Policy in combination with X-XSS-Protection
3. use Cloudflare's “Hotlink Protection” to at least protect your images (works until they also proxy them and rewrite links)
4. implement JavaScript which checks if the domain the client is located on is == yourdomain.tld and, if not, redirects it to your domain.

Step 4 is I think the most efficient, but make sure your domain is not written in cleartext, as then they may replace it with “search-replace” or regex.
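
Added example, not part of the thread and not Cloudflare's code: one way to write the hostname check from step 4 so the domain never appears as a literal string in the page source. It assumes the legitimate site is `yourdomain.tld` (the placeholder used in the reply above); the XOR key, the encoded array and the function names are illustrative.

```javascript
// Hostname check for a page that may be served through a foreign reverse proxy.
// Assumption: the canonical host is "yourdomain.tld". It is stored XOR-encoded so
// that a plain search-and-replace or regex on the proxy does not match it.
const KEY = 0x5a;
const ENCODED_HOST = [35, 53, 47, 40, 62, 53, 55, 59, 51, 52, 116, 46, 54, 62];

// Rebuild the canonical host name at runtime.
function decodeHost() {
  return String.fromCharCode(...ENCODED_HOST.map((c) => c ^ KEY));
}

// True when hostname is the canonical host or one of its subdomains.
// The leading "." in the suffix test rejects look-alikes such as "notyourdomain.tld".
function isOwnHost(hostname) {
  const own = decodeHost();
  const h = String(hostname).toLowerCase().replace(/\.$/, "");
  return h === own || h.endsWith("." + own);
}

// Returns the URL to send the visitor to, or null when already on the real site.
// Path, query string and fragment are preserved.
function redirectTarget(loc) {
  if (isOwnHost(loc.hostname)) return null;
  return "https://" + decodeHost() + loc.pathname + (loc.search || "") + (loc.hash || "");
}

// Browser entry point; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined") {
  const target = redirectTarget(window.location);
  if (target) window.location.replace(target);
}
```

A proxy that strips or rewrites script tags still defeats this check, so it complements the abuse report and origin-side blocking rather than replacing them.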