Problem:

1. Any user sets nginx to proxy all requests to my domain AAAcom hidden under cloudflare from their domain BBB.com
2. Cloudflare sends request to my server, server answered with 200
3. BBB.com domain steals my content

I can deny all requests but cloudflare servers, but it will not help. Is there any solution to disable proxying thru cloudflare? Now i ban such servers by ip, but they can avoid bans changing ips for example

In the end they can (even if you protect your site) work around your protections.

What you could try is:

1. https://www.cloudflare.com/abuse/form (if the user uses CloudFlare)
2. set up Content-Security-Policy in combination with X-XSS-Protection
3. use CloudFlares “Hotlink Protection” to at least protect your images (works untill they also proxy them and rewrite links)
4. implement JavaScript which check if the Domain the Client is located is == yourdomain.tld and if not it redirects it to your domain.

Step 4 is I think the most efficient, but make sure your domain is not writen in cleartext as then they may replace it with “search-replace” or regex

This topic was automatically closed after 30 days. New replies are no longer allowed.