minimalo
Cloudflare Developers
•Created by minimalo on 5/29/2024 in #general-help
Using CF rule to remove header tagged by pen test team
@Chaika Just an FYI: Today it dawned on me that that 1.1 is not the version of the proxy, it's the HTTP protocol version. Apparently the pen tester(s) misinterpreted it to be the proxy version. In the end no action required on my part. Thanks for your help nonetheless!
11 replies
Cloudflare Developers
•Created by minimalo on 5/29/2024 in #general-help
Using CF rule to remove header tagged by pen test team
@Chaika @Leo roger that. will look into it mañana. cheers !
11 replies
Cloudflare Developers
•Created by minimalo on 5/29/2024 in #general-help
Using CF rule to remove header tagged by pen test team
Not sure I understand your question. I do understand what a URI is, and Via: 1.1 vegur is an upstream proxy (at Heroku) that the pen test team tagged as exposing the proxy version, but I'm starting to wonder if it's really necessary to try to mask or alter that Via header.
11 replies
Cloudflare Developers
•Created by minimalo on 5/29/2024 in #general-help
Using CF rule to remove header tagged by pen test team
I did use a Modify Response header to no avail. It is a Custom Filter Expression. Here is the expression detail from the dialog:
URI equals "/Via: 1.1 vegur" And Hostname equals "my.target.host.com" then Remove Header name Via.
And the expression:
(http.request.uri eq "/Via: 1.1 vegur" and http.host eq "my.target.host.com")
Used FF DevTools to check if the header was removed or not in my case 🙂 I haven't had to revisit this yet today but will make time later
11 replies
Cloudflare Developers
•Created by minimalo on 4/23/2024 in #general-help
Enable OWASP ruleset only for a specific host
@Chaika I successfully tested your solution today. Worked flawlessly. Again I appreciate your help with this.
4 replies
Cloudflare Developers
•Created by minimalo on 4/23/2024 in #general-help
Enable OWASP ruleset only for a specific host
@Chaika Brilliant! Thank you for this. Will share this info with my team. Cheers :10000:
4 replies
Cloudflare Developers
•Created by R1CH on 4/10/2024 in #general-help
Cloudflare OWASP Core Ruleset blocking legit requests
@R1CH I can't speak to your question, but I've seen POST requests get blocked by OWASP rules and there was no time to investigate the WHY because it was a production app and people could not work. Have you tried adjusting the Paranoia and Anomaly Levels to see if that helps?
2 replies
Cloudflare Developers
•Created by Painguin | Tiến on 4/9/2024 in #general-help
Dashboard authentication error 1001
*does not have
8 replies
Cloudflare Developers
•Created by Painguin | Tiến on 4/9/2024 in #general-help
Dashboard authentication error 1001
@tien I've seen this too. I have a restricted admin account and I get the same error probably because my account does not privs to access billing info. Have you tried discussing this with your client or whomever the superadmin of the account is? My account is even restricted from CF services that aren't used at all. Very annoying.
8 replies
Cloudflare Developers
•Created by minimalo on 1/12/2024 in #general-help
Cloudflare Plan Chaos
Great ok thank you @kian
4 replies