Cloudflare security issues

📦 about 🧻 posts

🏠 Home 📄 Posts

Projects

Facepunch Garry's Mod

Online

Twitter YouTube TikTok GitHub

Azure Media Services4 months agoquestion_answer 10 Common Math Library4 months agoquestion_answer 5 Handshake Game4 months agoquestion_answer 2 The Death Of The Web5 months agoquestion_answer 12 Aaron Peters5 months agoquestion_answer 19 Your licensing system sucks10 months agoquestion_answer 11 Disposable Actionone year agoquestion_answer 5 The Good Guysone year agoquestion_answer 15 Unity can get fuckedone year agoquestion_answer 66 Facepunch Birminghamone year agoquestion_answer 10 Mexicoone year agoquestion_answer 8 NPMone year agoquestion_answer 4 Facepunch Bloxwichone year agoquestion_answer 2 Laplandone year ago Mailbag: Sausage Men2 years agoquestion_answer 1 Holiday GameDev Books2 years ago Office Design2 years ago Access control in serverside Blazor2 years ago the man who fell to earth2 years agoquestion_answer 1 Unity 20222 years agoquestion_answer 1 3D Printer2 years agoquestion_answer 1 Rip Foszor2 years agoquestion_answer 2 My Tesla Is Fixed2 years ago My Tesla Broke2 years ago What sucks about Steam2 years agoquestion_answer 1 Making A Game 20222 years agoquestion_answer 1 InteropGen2 years ago Frozen Shoulder2 years ago Shitty Holiday Photos2 years ago Your Portfolio Gave Me Diarrhea3 years agoquestion_answer 2 Motivation3 years agoquestion_answer 1 We got married3 years ago Everything We Watched In Lockdown4 years ago House - What I'd Have Done Different4 years ago House - Fuckups4 years ago Receiver Broken4 years ago My Feet Are Fucked4 years ago What Unity Is Getting Wrong4 years agoquestion_answer 2 Lockdown Kicks Ass4 years ago Half-Life:Alyx is a Masterpiece4 years ago Open a 30gb Unity Log on Windows4 years ago Alex The Gamer4 years ago Blazor Ain't Ready4 years ago Jailbreaking Control44 years ago Benchmarking Rust4 years ago £600 Remote4 years ago Rusty Legs5 years ago Control45 years ago Android: Best & Worst5 years ago Robot Lawnmower5 years ago Best VR Shagging Games5 years agoquestion_answer 2 Red Dead 26 years ago Unity FPSSample6 years ago Forum Downtime6 years ago Fatty6 years ago Blogging & Twitter6 years ago Unity's Staging Packages6 years ago Playtest Recording6 years ago Steamworks and IL2CPP6 years ago Monitor Upgrade6 years ago Steamworks Libraries6 years ago Procedural Generation6 years ago Unity 2018.16 years ago TimeSince6 years ago Kitchen Wank6 years ago Prototyping6 years ago Displaying an Avatar6 years ago Player Name Overlay6 years ago Tesla Model X7 years ago Naming Stuff7 years ago Facepunch Api7 years ago Aggregation7 years ago The curse of Early Access7 years ago Jenkins Library7 years ago Jenkinsfile7 years ago Jenkins7 years ago Unity 2017 Changelist7 years ago Binding Steamworks SDK8 years ago Facepunch.Steamworks8 years ago Politics8 years ago Unreal Engine8 years ago I got suspended from twitter8 years ago PlasticSCM Speed Tip8 years ago Becoming A Gamedev8 years ago Jessica8 years ago Living Room Vive8 years ago I jacked off in VR, twice8 years agoquestion_answer 6 GDC 20168 years ago Rust's Networking8 years ago Crash Log Tags8 years ago Automated Crash Processor8 years ago Microtransactions9 years ago Unity Tips 29 years ago Unity Tips9 years ago Godus9 years ago Steam9 years ago Paying for Mods9 years ago Leafblower9 years ago Garry's Mod is 10 years old9 years agoquestion_answer 1 Selling Out10 years ago One Year On10 years ago I fell out of love with Lua10 years ago Rust Screenshots10 years ago Depression10 years ago How I Upload Stuff10 years ago 9 reasons why I LOVE C#10 years ago Serializing Shit10 years ago Unity Viewmodels10 years ago Baby Gadgets10 years ago Valve VR Demo10 years ago Steam Dev Days : Day 210 years ago Steam Dev Days Day 110 years ago 2013 Goals - in review10 years ago Catchup10 years ago Is Paypal Slow11 years ago Stop Programming11 years ago Grand Design11 years ago Next Gen Console11 years ago Parenting11 years ago Childbirth II11 years ago Child Birth11 years ago Resuable Tools11 years ago Design by Committee11 years ago The Columbo11 years ago This Old House11 years ago Clustered11 years ago The Rust backend11 years ago Server Downloads11 years ago The Story of Rust11 years agoquestion_answer 2 The Conversion11 years ago Like a Rolling Stone11 years ago m0r3 gmod beta11 years ago Steampipe Beta11 years ago Piss Shake11 years ago The Pipe Beta!11 years ago Oculus Rift11 years ago Linux and The Pipe11 years ago Office downstairs11 years ago Unity Wordpress Plugin11 years ago Linuxxx11 years ago The Beach11 years ago Trees have leaves11 years ago OBS11 years ago Privacy Thing11 years ago Office Progress11 years ago Learning Unity11 years ago New Project11 years ago Nextbot & Coroutines11 years ago Airplay To Room11 years ago Resellers11 years ago Steampipe Looming11 years ago Coroutines11 years ago Recruiters11 years ago Writing a Wiki Bot11 years ago Oil your brain11 years ago Tax Investigation11 years ago Lua Bindings11 years ago Office Progress11 years ago Paths11 years ago Next Bot11 years ago The Sign11 years ago VPK Search Paths11 years ago Mailbag11 years ago SteamPipe Mounting11 years ago Mailbag – Questions11 years ago Office Refurb Progress11 years ago Testing GMod Updates11 years ago Catch Up11 years ago Git outa hear11 years ago Shadow Gap11 years ago 2013 Goals11 years ago PC Hardware Design Sucks11 years ago Borderless Window Mode?11 years ago More Kinect Stuff11 years ago CoD or Battlefield?11 years ago Kinecting GMod11 years ago Entity Editor12 years ago Fan Mail12 years ago Lua Errors12 years ago Optimising GMod12 years ago Texture Filtering12 years ago Toybox Torrent12 years ago Toybox Disabled12 years ago Snack Chair12 years ago Coffee Shirt12 years ago Crash Dump12 years ago LuaJIT12 years ago Thanks EU12 years ago New Office12 years ago Sky Shader12 years ago Egypt!12 years agoquestion_answer 1 I'm going to Egypt for 2 weeks12 years ago Make maps bigger12 years ago Approved Updates12 years ago Context Screen Improvements12 years ago Auto Refresh12 years ago GMod 13 Release Date12 years ago Pyro Patch12 years ago SFM vs GMod12 years ago More Dieting12 years ago Amazon Cloud Search12 years ago 12 years ago Frame Blending12 years ago Demo Movies12 years ago DOTA212 years ago Weight Loss Update12 years ago Cheaters in GMod12 years ago Portable Computer12 years ago Coding Websites in C++12 years ago Bigger Maps12 years ago Steam Captcha12 years ago Quitting Caffine12 years ago Making Gamemodes Better12 years ago Lottery Results12 years ago GWEN Designer12 years ago Unclamped Faceposer12 years ago The Lottery12 years ago Poster Screenshots12 years ago Trade Off Game Dev12 years ago Version 49 Models12 years ago Improved Shadows12 years ago quick tool: bundler12 years ago Weight Loss12 years ago Workshopping12 years ago More Stuff I did12 years ago Cool stuff I did this week12 years ago MegaUpload12 years ago Oops12 years ago SOPA12 years ago Family Tree12 years ago Top 6 Games of 201112 years ago Ant Farm 2.012 years ago Coding Evolution12 years ago Holly Holly, Get Dolly12 years ago mklink12 years ago Video12 years ago Blog update12 years ago Ass Kicker12 years ago Other Stuff13 years ago Stuff done did13 years ago I done maths13 years ago PC Specs13 years ago Battlefield13 years ago Beta Keys Depleted13 years ago Coding & Beta13 years ago How To Buy Hardware13 years ago Bodygroups13 years ago Progress13 years ago Numpads and gibs13 years ago Spawnmenu update13 years ago Back in business13 years ago We Beat Righthaven!13 years ago Back from Holiday!13 years ago Holiday Continue13 years ago Holiday Halt13 years ago Vegas13 years ago Holiday13 years ago Still Coding13 years ago Being Sued13 years ago Spawnicons13 years ago Office Dog13 years ago The Plan13 years ago Erection Failure13 years agoquestion_answer 2 The Wild13 years ago GWEN Skins / Pixel Reading13 years ago WIT: Deus Ex (3 I think)13 years ago CODBLOPS13 years ago Resources13 years ago Docking13 years ago Steam Chat13 years ago Selling a Car Online13 years ago My First PC Games13 years ago WIT: From Dust13 years ago That GMod Update13 years ago GMod Broke Routine13 years ago Cloudflare security issues13 years ago Images in Source13 years ago Visual Studio for Lua editing13 years ago More Android bitching13 years ago Riots13 years ago Home Gym13 years ago Android vs iOS13 years ago Doing Stuff13 years ago Blogging lookback13 years ago From wordpress to tumblr13 years ago GMod Updating13 years ago Bullshit13 years ago Forum Owner13 years ago Sarah, Part 314 years ago Sarah, part 214 years ago Sarah, part 114 years ago The Perfect Woman14 years agoquestion_answer 3 The Duplicator17 years ago STALKER17 years ago SUCCESS!17 years ago Released!17 years ago Release Today!17 years ago GMod10 - Tomorrow!17 years agoquestion_answer 1 Back In England!18 years ago New Lua Implementation18 years ago Professional Mod Makers18 years ago Grey Hair18 years ago GMod Open Source18 years ago PSP Problems18 years ago More FW Animation18 years ago Snakes18 years ago Facewound Update19 years ago Lost19 years ago Superman19 years ago GMod Text Corruption19 years ago GMod 9.0.1 released19 years ago GMod 9 released19 years agoquestion_answer 2 Gmod 9 Release Date Update19 years ago Black & White 219 years agoquestion_answer 1 More 8.4 gamemodes19 years ago LUA (the programming language)19 years agoquestion_answer 1 Dee Dee Bam21 years ago Steam Launched21 years agoquestion_answer 3 Driving Test21 years agoquestion_answer 1 Updated Game Test21 years agoquestion_answer 1 Driving lesson and NS22 years agoquestion_answer 1 Poor Titch22 years agoquestion_answer 5

The guys on the forums found quite a glaring security/privacy issue with Cloudflare. Cloudflare sits on top of your site, every request that is made from your site goes through cloudflare first. This allows them to do some cool things, like prevent DDOS attacks and automatically cache and minify content. It automatically caches files with these extensions:

css, js, jpg, jpeg, gif, ico, png, bmp, pict, csv, doc, pdf, pls, ppt, tif, tiff, eps, swf, midi, mid, ttf, eot, woff, svg, svgz

Which is great, but imagine you have cloudflare on your site:

www.mysite.com

And you have a PM system:

www.mysite.com/messages/

Someone could potentially make you visit this URL (linked in an image maybe?)

www.mysite.com/messages/?.jpg

And then it would be cached in cloudflare – so then they could visit that URL and see the cached version.

This can be prevented with the Cache Level settting in Cloudflare, which stops it taking notice of extensions on the query string. Which’ll save you from these type of attacks – unless you have friendly URLs on your site. In which case you need to make them more secure by not allowing stuff to be added to the end.

question_answer

Add a Comment

An error has occurred. This application may no longer respond until reloaded. Reload 🗙