Is it true that a specific page rule where the security is disabled can cause other secured domain(s) to be attacked?

Hey. I’m still very new to CloudFlare and I have a question.

Let’s say that I have 4 sub domains: A, B, C, D. They’re all under the same domain (test.com).

I have a page rule setup specifically for A.test.com, where “Disable security” is set to On. I did this as a temporary solution so that I can figure out the problems that a.test.com has when the security is enabled (had users complaints regarding not being able to send requests with CF security On), so that it is still accessible while I try fix it…

By turning disabling security for A, do I put others (b, c, d) at risk? I had someone telling me that it is possible for attackers to make use of a.test.con (unprotected by CF) in order to attack the other sub-domains. “A has no protection so attackers can use it to send requests to other secured subdomains, cross-site attack”, something along that lines. I guess the better place to ask is here on the forum.

I thought page rule is supposed to be active only for the domain where it’s being set up and the rest will still be secured, and that if attacker manages to attack the other subdomain its due to the others not having secure applications inside of it.

I hope someone can give me an explanation.

Thanks!

For starters, these are not domains but rather regular hosts of your actual domain.

Now, if you disable security for host A, requests for all the other hosts will still go through Cloudflare’s security layers and there is no no such thing as a “cross-site attack”. However, if these hostnames all point to the same machine, requests to host A will go to the same machine as where the other hosts are and might affect them as well, depending on how your server is configured.

For example, if they start a denial of service attack against A, that would most likely affect the other hostnames as well, being on the same server. Equally, if A has some unpatched security issues someone might be able to obtain elevated access on the machine and could then possibly also access data of the other configured hostnames on the machine.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.