(#3p5hajq) @prologic I tried several different Tor circuits before I logged in and didn't get a captcha once. Let's see if I can talk about /etc/hosts now.
matched #57fmdaq score:11.45
Search by:
Search by 1 mentions:
(#3p5hajq) PS I've sent of an Email to support to see if I can just disable the WAF entirely. At this point I don't think it buys much value for projecting my infra ๐ I only require Cloudflare in front of my infra to protect it from assholes that _might_ want to DDoS either my infra directly or that of my ISP's Network (has happened before).
If I can still have DDoS protection without the WAF, I'll disable it.
matched #k4oxloq score:11.45
Search by:
Search by 1 tags:
(#3p5hajq) Hmmm I just tested this and this particular `/etc/thingy` is matching:
```
DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892
```
Da fuq?!
I turned off most WAF features on this pod because most are not relevant. I'm wondering whether the WAF is useful here at all?! ๐ค
matched #xdwnfga score:11.45
Search by:
Search by 1 tags:
(#3p5hajq) Alright, I don't want to spam anymore. I could reference /etc/ and a meaningless file in /etc/, but I was unable to reference the passwd file. Just another Cloudflare MITM job.
matched #2nkoxda score:11.45
Search by:
Search by 1 tags: