Proxied wildcard allows fake subdomains

Hi, we have been using Cloudflare for a few months now and I have a wildcard DNS entry for our domain set up, example *.domain.com. This entry is set as proxied. Recently we were notified that external links from our site were coming from hundreds of subdomains that don’t exist in either DNS or our webserver. They were completely random and could be anything from 3574237179123129981 .domain. com to mypornsite .domain. com. All of them redirected to our website showing the nonexistent subdomains in the browser’s URL. I ran some tests bypassing Cloudflare and our webserver rejected them and now I have disabled the Cloudflare proxy and they no longer get served.
Do I have something wrong with my setup or is this a bug in the proxy? Any guidance would be appreciated.

That’s what a wildcard record is. They aren’t fake. If you don’t need a wildcard record (most don’t), you can simply delete it.

I disagree. A wildcard is a record to use so you can control mistyped URLs and handle them on your webserver. You can then do permanent redirects on your webserver to your real website which then rewrite the correct URLs in the browsers and any links from your website.
The proxy served our website while unknowingly masking the subdomain that was being used.

You can still do that on your server. The proxy doesn’t serve any site unless your server responds. You can set up a redirect within Cloudflare using Page Rules or Bulk Redirects or you can do this on your server.

It sounds as if you unintentionally have your main site as the default on the server. If your server responds with the main site, then Cloudflare will serve it.

Because your origin server allowed it. Would have been the same behavior with or without the DNS record being proxied.

Like I said, if you don’t need it delete it.

Thanks domjh, that makes more sense. It is weird though that if I turn off the proxy, it comes up with 404.

That is what I am pointing out… if I turn off the proxy, the server rejects it with 404.

Then you have a rule or configuration setting in your Cloudflare config which is rewriting the host header or making another change that you’ve specified which allows it to succeed.

Thanks cscharff. I haven’t set up any rules and am not aware of changing any configurations that would have done that. I will just check with the person that runs the site and prob delete the wildcard.
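
Added example, not code from any poster in this thread: one way an origin can make the Host decision explicit, serving only the canonical name, redirecting listed typo aliases to it and answering 404 for every other name a wildcard record sends its way. `CANONICAL` and the alias names are assumptions for illustration; the thread only uses domain.com as a stand-in.

```python
"""Origin-side Host check: serve the canonical name, redirect known aliases, reject the rest."""
from http.server import BaseHTTPRequestHandler

# Assumed names for illustration (hypothetical, not from the thread).
CANONICAL = "www.domain.com"
REDIRECT_ALIASES = {"domain.com", "ww.domain.com", "wwww.domain.com"}


def normalize_host(raw):
    """Lower-case the Host header and strip any port and trailing dot."""
    host = (raw or "").strip().lower()
    if host.startswith("["):  # IPv6 literal, never one of our names
        return ""
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def decide(raw_host, path="/"):
    """Return (status, location); location is None unless redirecting."""
    host = normalize_host(raw_host)
    if host == CANONICAL:
        return 200, None
    if host in REDIRECT_ALIASES:
        # The redirect target host is fixed, never copied from the request.
        return 301, "https://" + CANONICAL + path
    # Any other name the wildcard resolves here, e.g. random subdomains.
    return 404, None


class Handler(BaseHTTPRequestHandler):
    """Minimal handler applying decide() to every GET request."""

    def do_GET(self):
        status, location = decide(self.headers.get("Host"), self.path)
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"site content\n" if status == 200 else b"")


if __name__ == "__main__":
    # Constructed sample Host headers, including the kind reported above.
    for h in ["www.domain.com", "DOMAIN.com:443", "3574237179123129981.domain.com", None]:
        print(h, decide(h))
```

The same rule in a real web server is an explicit default virtual host that returns an error, so the main site is never the fallback for unknown names.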
