WAF Loophole attack scenario

wtan · June 14, 2022, 5:39pm

Lets say I have a service running on IP: XX.YY.ZZ

If I use Cloudflare reverse proxy to XX.YY.ZZ, everything is fine because Cloudflare will only send safe requests to XX.YY.ZZ.

But what if someone somehow finds my service IP somehow? Won’t my service be vulnerable to attacks?

Do companies usually install Cloudflare and also an in-machine WAF too? Thanks.

epic.network · June 14, 2022, 6:24pm

It’s a lot easier to just limit access to your service to connections from Cloudflare IPs.

wtan · June 14, 2022, 6:42pm

Makes sense, Thanks.

system · June 17, 2022, 6:42pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
IP Blocking with WAF not working DNS & Network	2	417	February 11, 2024
Bypass issue Cloudflare while Restrictions on Cloudflare via WAF rules Security	2	805	June 16, 2023
IP cannot access with proxy enabled Security	3	764	July 12, 2023
Web server application proxy for TLS/TCP termination Security	2	663	October 12, 2023
WAF and OpenVPN Security	2	1516	September 11, 2022