/plushcap/analysis/cloudflare/cloudflare-sites-protected-from-httpoxy

CloudFlare sites protected from httpoxy

What's this blog post about?

On July 18, 2016, Ben Cartwright-Cox announced a new vulnerability called httpoxy that affects applications using "classic" CGI execution models and could lead to API token disclosure of services your application communicates with. Cloudflare has implemented automatic protection for all customers against this vulnerability. By default, harmful httpoxy requests are modified to be harmless and allowed through. However, customers can also use Web Application Firewall rule 100050 in Cloudflare Specials to block such requests that could lead to the httpoxy vulnerability.

Company
Cloudflare

Date published
July 18, 2016

Author(s)
Ben Cartwright-Cox

Word count
102

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.