OWASP Hidden file found when using Cloudflare

duc.le · November 5, 2023, 6:19am

Hello everyone,
When I attach my domain to Cloudflare and turn on “Proxy” to using ssl, I just OWASP ZAP to scan for vulnerabilities and get this warning:

Hidden file found (2)
GET https://mydomain.com/._darcs
GET https://mydomain.com/BitKeeper

Has anyone encountered this situation? Please give me advice.

janik1 · November 5, 2023, 11:24am

Hi,

If this didn’t happen before you proxied the record, that sounds like a false positive to me. There’s nothing Cloudflare does to make these two files exist.

I’d recommend double-checking that these files don’t exist on your web server, and trying to access those two URLs with your browser. If that doesn’t work, it’s most likely a false positive (try re-running the scan, too).

duc.le · November 7, 2023, 3:51am

Thank you, I’ll check, my mistake, misconfigured nginx

system · November 10, 2023, 3:52am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cloudflare trying to hack hidden server files. Why? Website, Application, Performance	9	747	December 23, 2023
Malicious files and weird links into cloudflare files Security	3	1777	May 24, 2022
Potentially Suspicious File /cdn-cgi Security	7	1349	May 26, 2023
Enabled security rules in Cloudflare,but they're blocking our image and file upload Security	2	78	August 6, 2024
Domain & sub domain auto download file...virus DNS & Network	3	978	April 20, 2023

OWASP Hidden file found when using Cloudflare

Related topics