Cloudflare Developers
Created by /dev/null on 2/27/2025 in #general-help
Securing a Cloudflare-Proxied Server Against Unauthorized Frontend Requests
System Overview:
You have three components under your control:
1. A relay server (public-facing, Cloudflare-proxied).
2. A web server that dynamically generates frontend code (HTML/JS).
3. A frontend that embeds JavaScript (from the web server) to fetch data from the relay server.
Problem:
Malicious users can:
- Discover your relay server’s public domain.
- Tamper with the frontend’s embedded JavaScript (e.g., modifying API calls or parameters).
- Spam/abuse the relay server directly with unauthorized requests.
Goal:
Ensure the relay server only processes requests from your unmodified frontend code, while blocking requests from altered or unauthorized clients. MAINLY, THE REQUEST BLOCKING HAPPENS ON THE CLOUDFLARE SIDE.