CNAME redirect bypasses Zone lockdown and WAF?
Hi!
I have a site that i keep under a zone lockdown, as it's still under development.
However i can bypass the zone lockdown, as well as any WAF rules configured on my site, by adding a CNAME record at a different domain's apex, that has my site as the target.
1 Reply
how would i go about preventing other sites from redirecting to my domain like that?
the zone lockdown is only temporary, but i do care about my WAF rules being bypassed... š
that's a relief, thanks!
i assume the reason that the WAF rules are bypassed too is to avoid abuse of the cloudflare paid plans?
ah, that makes sense too
š