CNAME redirect bypasses Zone lockdown and WAF?

Hi!

I have a site that i keep under a zone lockdown, as it's still under development.

However i can bypass the zone lockdown, as well as any WAF rules configured on my site, by adding a CNAME record at a different domain's apex, that has my site as the target.

IdleOP•7/22/24, 7:27 AM

how would i go about preventing other sites from redirecting to my domain like that?

the zone lockdown is only temporary, but i do care about my WAF rules being bypassed...

Original message was deleted

IdleOP•7/22/24, 7:34 AM

that's a relief, thanks!

i assume the reason that the WAF rules are bypassed too is to avoid abuse of the cloudflare paid plans?

IdleOP•7/22/24, 7:36 AM

ah, that makes sense too

Original message was deleted

IdleOP•7/22/24, 7:36 AM

CNAME redirect bypasses Zone lockdown and WAF?

Similar Threads

Similar Threads

Similar Threads