Web Cache Deception Attack revisited

What's this blog post about?

Web Cache Deception attacks occur when an attacker tricks a user into clicking a link that causes the content of a private page to be cached, where the attacker can then retrieve it. Preventing such attacks requires configuring the website properly: returning the correct Cache-Control headers, or rejecting requests that carry extra PATH_INFO. However, some customers may not be able to do this because of limitations in third-party software. In response, Cloudflare has released a new Page Rule called Cache Deception Armor, which protects against Web Cache Deception attacks by verifying that the URL's extension matches the returned Content-Type. This allows static assets to be cached while still protecting against the attack.

Company
Cloudflare

Date published
Jan. 19, 2018

Author(s)
Ka-Hing Cheung

Word count
460

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.