minimalo
Cloudflare Developers
Created by minimalo on 5/29/2024 in #general-help
Using CF rule to remove header tagged by pen test team
Hey all, so a client of mine had a pen test early this year and the test team flagged a Via header that details what proxy (and its version) the request originated from, a well-known hosting provider I might add, but said client cut an issue hoping for a solution, i.e. "can you delete or modify this header in-flight?". Well, I tried a "Modify Response Header" Transform Rule to no avail and it occurred to me I might be barking up the wrong header tree as said header might be exposed via the Request header as well, given CF is in-between the Request / Response stream. I'm half-inclined to tell client "Don't be concerned about this." but thought I'd ask here for some feedback and/or a recommendation and/or a best practice if any of those options are valid or exist. Gut instinct is telling me, "It can be done you silly human" but figured it couldn't hurt asking for opinions as opposed to getting in a spin loop over a non-worky solution. Cheers and hope everyone is having a good day!
11 replies
Cloudflare Developers
Created by minimalo on 4/23/2024 in #general-help
Enable OWASP ruleset only for a specific host
Does anyone know if this is possible? I have a client that claims that it can be but I can find no information that backs this up. Ok, it is possible! 👍
4 replies
Cloudflare Developers
Created by minimalo on 1/12/2024 in #general-help
Cloudflare Plan Chaos
Hey all. I've recently inherited a client's Cloudflare Pro account. Am in the process of sorting out a compliance document for my client's client and one of the requirements is having access to request logs. Welp, this feature is only in the Enterprise plan. My client doesn't really need all the features of the Enterprise plan but they do need access to request logs. I guess the best plan of action is to contact a Cloudflare "expert", or ideally a Sales expert and see what could be sorted out? Like a custom Plan that doesn't include all the features not needed by my client? Sorry for the long message 😬
4 replies