Hey. I’m still very new to CloudFlare and I have a question.
Let’s say that I have 4 sub domains: A, B, C, D. They’re all under the same domain (test.com).
I have a page rule setup specifically for A.test.com, where “Disable security” is set to On. I did this as a temporary solution so that I can figure out the problems that a.test.com has when the security is enabled (had users complaints regarding not being able to send requests with CF security On), so that it is still accessible while I try fix it…
By turning disabling security for A, do I put others (b, c, d) at risk? I had someone telling me that it is possible for attackers to make use of a.test.con (unprotected by CF) in order to attack the other sub-domains. “A has no protection so attackers can use it to send requests to other secured subdomains, cross-site attack”, something along that lines. I guess the better place to ask is here on the forum.
I thought page rule is supposed to be active only for the domain where it’s being set up and the rest will still be secured, and that if attacker manages to attack the other subdomain its due to the others not having secure applications inside of it.
I hope someone can give me an explanation.