CloudFlare sites protected from httpoxy
On July 18, 2016, Ben Cartwright-Cox announced a new vulnerability called httpoxy that affects applications using "classic" CGI execution models and could lead to API token disclosure of services your application communicates with. Cloudflare has implemented automatic protection for all customers against this vulnerability. By default, harmful httpoxy requests are modified to be harmless and allowed through. However, customers can also use Web Application Firewall rule 100050 in Cloudflare Specials to block such requests that could lead to the httpoxy vulnerability.
Company
Cloudflare
Date published
July 18, 2016
Author(s)
Ben Cartwright-Cox
Word count
102
Language
English
Hacker News points
None found.