CD
Cloudflare Developers5mo ago
GQs1

Security Problems in the url "cdn-cgi"

Hello! I need some help with my website: I am using ZAP to check my website's security, and it gives me those alerts: "Path Traversal", "SQL Injection", "SQL Injection - Oracle - Time Based", "SQL Injection - SQLite" affecting many files in the url mywebsite.com/cdn-cgi/challenge-platform/h/g/jsd/r/ I already checked some community answers, but they all ended saying that opening a ticket with cloudflare was advised. I did, they told me they cannot help me (free user) if it's not a problem related to billing or 2FA, and to ask to the community. In case it might be helpful, some answers in the community said these might be some "leftovers" of the cloudflare apps that were installed and then uninstalled. My other domain, that uses cloudflare too, isn't affected. Would you be so kind to help me? Thanks in advance! Regards
1 Reply
GQs1
GQs15mo ago
That was easy! haha So, why did it give those alerts? Is it normal? I missed that, sorry Oh I forgot to thank you for the quick answer Perfect! Glad to hear that Even if it might be off-topic, what's a good tool I might use to check (easily) for my website's security? Given that it's just a personal portfolio website Admin panel, plesk Even if it's hosted in a service, I don't have a personal server
Want results from more Discord servers?
Add your server
More Posts
Modify request before calling other worker on specific URLIs it possible to modify request before passing it to binding? Let's say I have code like this on tAccess bindings in devI'm following this tutorial: https://developers.cloudflare.com/pages/framework-guides/deploy-a-sveltHow to use the hibernatable websocket API on workers + durable objects?I'm creating a worker + DO that accept websocket requests. I'm a little bit confused of how do I impProblem with VideosWe embedded our videos (hosted at cloudflare) on our website. Now user contact us with the problem, I cant seem to get Zaraz to work with aI cant seem to get Zaraz to work with a basic website hosted on Google Sites behind a CloudFlare proDeleting DNS Record with API EndpointI am attempting to delete a dns record from our zone and I am only getting the status code 10000 andHow do I disable ratelimits for a domain on a Cloudflare Tunnel?I have a Nextcloud instance that goes through Cloudflare Tunnel and I am consistently hitting the raDeployment errors on deploying nextjs siteThe site is working well with GitHub pages but having issues with cloudflare pagesGeoDNS?I feel like that the default DNS does not allow for that much flexibility, more of a resolve-your-ipWorker to Worker fetchHi there, I would like to ask for some help with my cloudflare worker. When i make a request to ano