Why doesn't DNS resolution use a secure protocol for security purposes? Isn't it a security concern if someone can see the websites you are connecting to?
It can be done with a secured protocol - DNS over HTTPS.
Just recently it was added to some browsers as the default behavior.
You can read more about it at the wiki page -
https://en.wikipedia.org/wiki/DNS_over_HTTPS
Related
Hello, I'm a dev recently diving into Cloudflare security layers and have a few questions about the security of a website that is deployed to Cloudflare. I'm using Pages and my domain is directly hosted by Cloudflare Registrar. I'm also using the security layers provided with the Cloudflare infrastructure, including [ Bots, DDoS, Settings, Page Shield ], which can be found in the Security tab of my domain in the Cloudflare dashboard. Below is my list of questions:
security layers in use: [ Bots, DDoS, Settings, Page Shield ]
I'm using Firebase Hosting to link my Firebase functions with the domain which is hosted by Cloudflare. In this case, do the above listed security layers of Cloudflare automatically protect the Firebase Hosting resources or traffic?
I'm using Cloudflare Workers to manage Durable Objects. The Workers' functions are also linked to the same root domain with a different subdomain. In this case, do the above listed security layers of Cloudflare automatically protect the Worker traffic?
The proxy status of the Firebase Hosting connection is "DNS only" mode (not "Proxied" mode), since in the case of Proxied, the DNS connection does not work (I haven't figured out the reason yet). In this case, it makes me feel like the Firebase Hosting resources are not being protected, since the orange switch in the DNS dashboard is turned off.
Please consider that the Cloudflare plan is Pro.
Thank you in advance [:
For the products you are listing, Cloudflare is implemented as a reverse proxy.
This means that from an end user perspective, when they try to connect to your services, their traffic reaches Cloudflare first (since a proxied record resolves to a Cloudflare anycast IP). Cloudflare carries out the features and security services that are configured, then forwards the HTTP requests to your origin infrastructure as specified in your Cloudflare DNS tab. This is true when the traffic is directed to proxied records.
For records in DNS-only mode, Cloudflare only performs DNS resolution (answering to the DNS query for that DNS record). Once this is done, the client will connect directly to the specified resource and the traffic will not be flowing through the Cloudflare network, meaning Cloudflare cannot provide proxy services in this scenario.
For a full explanation, I recommend the following documentation page
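An added example, not part of the original answer: a Python audit of a zone's records that lists which hostnames are served in DNS-only mode and which of those publish an address that a proxied record is meant to hide. The record layout (type, name, content, proxied) and all names and addresses are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample zone; the record layout is assumed for this example and
# every name and address is a placeholder.
SAMPLE_RECORDS = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "api.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
    {"type": "CNAME", "name": "fn.example.com", "content": "project.example.net", "proxied": False},
    {"type": "A", "name": "status.example.com", "content": "198.51.100.7", "proxied": False},
]

EXPOSES = "DNS-only record publishes the address of a proxied origin"
BYPASS = "DNS-only record: traffic does not pass through the proxy"
MAIL = "MX target resolves to the address of a proxied origin"
ADDR_TYPES = ("A", "AAAA")


def _addr(value):
    """Parse an IP address; return None for hostnames or malformed values."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def audit(records):
    """Return (name, type, finding) for every record that bypasses the proxy."""
    # Origin addresses the proxy is expected to hide.
    hidden = {_addr(r["content"]) for r in records
              if r["proxied"] and r["type"] in ADDR_TYPES}
    hidden.discard(None)
    # Addresses an ordinary lookup returns for each DNS-only hostname.
    direct = {}
    for r in records:
        if not r["proxied"] and r["type"] in ADDR_TYPES:
            direct.setdefault(r["name"].lower(), set()).add(_addr(r["content"]))
    findings = []
    for r in records:
        if r["proxied"]:
            continue
        if r["type"] in ADDR_TYPES:
            leak = _addr(r["content"]) in hidden
            findings.append((r["name"], r["type"], EXPOSES if leak else BYPASS))
        elif r["type"] == "CNAME":
            findings.append((r["name"], r["type"], BYPASS))
        elif r["type"] == "MX" and direct.get(r["content"].lower(), set()) & hidden:
            findings.append((r["name"], r["type"], MAIL))
    return findings
```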
I am getting a bit into protecting my website but someone keeps posting the origin-ip of my website. I've found out that this website is exposing it: http://www.crimeflare.org:82/cfs.html
After some extra research I found that this site has been online for a couple of years, but there is no info on how it is made or what technique it uses. Does anyone have a clue how this website gets the direct-connection IP address? Thanks in advance.
I can answer this question. It's really all due to domain history in a nutshell. In order to avoid domain history fetching websites, so-called CloudFlare resolvers and Crimeflare, you need to change your origin IP while under the banner of CloudFlare. Then to stay hidden you MUST not use the email services from your domain, otherwise a simple MX record lookup will expose your origin IP. So this means you now need to use third-party email services. If you are using a VPS or bare metal you need to set up iptables so that ALL IPs are blocked and just allow CloudFlare's IPs. This way IP scanners like Censys can't find your origin IP either, since all IPs would be blocked except CloudFlare's, forcing all connections to go through CloudFlare. Thankfully CloudFlare IPs don't change that often and they do publish the IP list on their website.
If you are using a shared account you'll want to make sure your shared account uses a shared IP and not a unique IP. With a shared IP your website is mixed with others and these CloudFlare resolver websites can't distinguish between who's who to get your origin IP.
There are some other very minor trivial things to also consider. One trivial possible vector for origin IP exposure is allowing remote content to be published via the website. Be it a remote avatar or file. The link used from this remote content has the possibility of resolving your origin IP behind CloudFlare.
If you are using a shared account you can help block direct IP connections and keep all connections going through CloudFlare in one of two ways. In an Apache or Litespeed SAPI, add the following to your htaccess file:
# Requires mod_rewrite; reject requests that lack the CF-IPCountry header
RewriteEngine On
RewriteCond %{HTTP:CF-IPCountry} ^$
RewriteRule ^ - [F,L]
What that code does is check for the CloudFlare Geo location header in the request from CloudFlare and if not present the user gets a 403. Thus all connections must go through CloudFlare. In order for this to work, the IP Geo Location option has to be turned on in your CloudFlare dashboard under Network.
The other really unique and awesome way of doing this is by using CloudFlare Workers. You can read about that here: https://community.cloudflare.com/t/stop-cloudflare-bypassing-on-shared-hosting/91203
I use all of these methods myself with my websites minus the fact of not using a VPS. So far my origin IP is not shown in Crimeflare or other websites.
Best of luck.
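The source-address allow-list described in the answer above, as an added example that is not the poster's own code: Python that validates a list of CIDR ranges and emits the iptables/ip6tables commands. It restricts only ports 80 and 443 rather than all traffic, so administrative access is not cut off; the chain name and the sample ranges are placeholders, and the real ranges come from the list the provider publishes.

```python
import ipaddress

# Constructed placeholder ranges (documentation networks). In production, feed
# in the ranges the proxy provider currently publishes.
SAMPLE_RANGES = """
# sample list
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
"""

PORTS = "80,443"
CHAIN = "PROXY-ONLY"  # hypothetical chain name


def parse_ranges(text):
    """Parse one CIDR per line; reject anything that is not a valid network."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # strict=True raises ValueError when host bits are set (192.0.2.1/24)
        # and ip_network rejects any line carrying extra text.
        nets.append(ipaddress.ip_network(line, strict=True))
    if not nets:
        raise ValueError("empty allow-list would block all web traffic")
    return nets


def build_rules(nets):
    """Return first-time install commands: allow listed sources, drop the rest."""
    rules = []
    for tool, version in (("iptables", 4), ("ip6tables", 6)):
        rules += [f"{tool} -N {CHAIN}", f"{tool} -F {CHAIN}"]
        rules += [f"{tool} -A {CHAIN} -s {n} -j ACCEPT"
                  for n in nets if n.version == version]
        # Default deny for web ports, also when no range exists for a family.
        rules.append(f"{tool} -A {CHAIN} -j DROP")
        rules.append(
            f"{tool} -I INPUT -p tcp -m multiport --dports {PORTS} -j {CHAIN}")
    return rules


if __name__ == "__main__":
    print("\n".join(build_rules(parse_ranges(SAMPLE_RANGES))))
```

Because the filter matches on source address, it does not depend on a request header being present.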
They very much explain it on that very site:
There are sites on the web that specialize in collecting registration and nameserver data. [..] CloudFlare maintains around 391 nameservers, and customers must change the nameservers on their registration in order to use most services. Each customer's domain is assigned two nameservers. This makes it easier to verify which domains depend on CloudFlare, and helps us keep our domain lists relatively current.
In other words, they look at public nameserver data and filter out the domains that have their nameservers pointed at one of CloudFlare's nameservers.
I have a website running on Azure. I added a custom domain and an SSL certificate to enable HTTPS access to it.
All is fine. A few days ago Azure had a network issue in the datacenter where my website is hosted (West Europe) and of course my site was affected during that time.
So I've decided now to put my site under Traffic Manager and deploy it in 2 regions.
Configuring HTTP access with ATM works. But when I switch to HTTPS (choosing the HTTPS protocol in the ATM config page), all endpoints get "Degraded" status.
So, my questions are: do I have to add a certificate to Traffic Manager in order to use HTTPS? How can I add HTTPS endpoints to ATM?
Traffic Manager supports health probes via both HTTP and HTTPS. Note that when using HTTPS health checks:
The server certificate is not validated (hence there's no need to register the certificate with Traffic Manager)
Client certificates are not supported
SNI certificates are not supported
Please check the above. Please also check that your monitoring port is configured correctly in Traffic Manager (e.g. 443 instead of 80) and also your monitoring path points to a valid page for your service.
These pages may be helpful:
Traffic Manager endpoint monitoring
Troubleshooting 'Degraded' endpoint status
If you still can't get it to work, please raise a Support ticket. If you do solve the problem, please reply back to let us know what it was
Regards,
Jonathan Tuliani, Program Manager, Azure Traffic Manager
I am trying to find hosting provider for a website that is connected to cloudflare. On Whois Lookup, I get Name Server(s) NOAH.NS.CLOUDFLARE.COM
UMA.NS.CLOUDFLARE.COM
When I use this website http://network-tools.com
I get Attempt to get a DNS server for 104.XX.1xx.3x failed:
I know that cloudflare is not a hosting provider. How can I dig deep and find the actual hosting provider?
If you have some type of abuse related issue with the website in question you'll need to file a complete abuse report at cloudflare.com/abuse
In most cases there isn't an obvious way to identify the underlying hosting provider for a website behind CloudFlare. With a valid and complete abuse report they can put you in touch with the hosting provider's abuse team though.
There is a service called CrimeFlare that helps to resolve the actual IP address behind CloudFlare.
If the website owner has properly set up their website's configuration with CloudFlare, there is no way to acquire the IP through any external means (Whois, DNS, etc.).
If you must send an abuse report or DMCA complaint, you can contact CloudFlare through their website and they will be able to forward it on for you.
1. Check hosting history
Services like https://toolbar.netcraft.com/site_report can help you discover the history of hostings for the website.
2. Try Cloudflare IP resolver
https://iphostinfo.com/cloudflare/ (Works as of 2019.12.10, not sure if you can trust this source in the long term).
Enter your domain name. Click "Search DNS" and you will be brought to a page that checks for common DNS entries. This tool was created to help webmasters configure their domain's DNS with CloudFlare properly and is not meant to be used for abuse purposes. If you see your server's real IP in any DNS entry, anyone can easily find your real server's IP then.
3. Look for subdomains manually
You can check and WHOIS the IPs for subdomains. E.g. if www.XYZ.com and XYZ.com are both behind CloudFlare, check for popular subdomains, like:
status.XYZ.com
ns.XYZ.com
beta.XYZ.com
test.XYZ.com
forum.XYZ.com
blog.XYZ.com
admin.XYZ.com
etc..
There is some chance that they will be available directly without CloudFlare.
4. Ask
You can find a way to ask them directly. Or get such information via CloudFlare if you have a legit need to know it. (E.g. by contacting cloudflare.com/abuse as suggested by #xxdesmus).
Law enforcement officials can contact us directly at abuse+law#cloudflare.com. You must include your badge & case number when contacting us to receive a response.
Can anybody explain why I see another web site at my http secure address. I don't have a certificate. I can manage files from folder httpsdocs but cannot access them from web. Also httpsdocs is empty. https://innovacube.com/
And the base of my problem is that Google indexes my https domain but I cannot deny Google Bot.
You're sharing IP addresses with another site - you'll see that both www.innovacube.com and www.cokyader.com resolve to 92.199.202.62. HTTP/1.1 allows this because you also send a host header
GET / HTTP/1.1
Host: www.innovacube.com
so the web server knows which site to serve for a given connection.
It isn't, however, possible to do this for HTTPS. The problem is that the certificate negotiation happens before the server gets to HTTP so you can't switch depending on the site that the browser really means. Therefore you can only host one HTTPS site per IP and this IP is hosting cokyader.com. (There are proposed extensions to help fix this but I've never seen any progress on this.)
If you want your own separate HTTPS site then your host will have to allocate you your own separate IP address.
Because you are using shared hosting, and it has been configured with a default SSL site that isn't yours (but presumably belongs to someone who has paid for SSL support and has their site hosted on the same server).