undefined | Better HN

0 pointstgsovlerkhgsel7y ago0 comments

Just a note, unless you're also validating the Host: header (and possibly even then), Authenticated Origin Pull can be bypassed if someone does find the right server:

https://medium.com/@ss23/leveraging-cloudflares-authenticate...

(Could have been fixed in the past couple months, but I doubt it.)

Same for Access, by the way.

0 comments

prdonahue7y ago

Sometime in 2Q you'll be able to upload your own client certificate (issued under your own CA if you like) to be used with Authenticated Origin Pulls.

rarecoil7y ago

Note: This user is a (the?) Director of Product at Cloudflare.

zackbloom7y ago

You can also use Argo Tunnel to create a secure tunnel between your origin and Cloudflare.

j / k navigate · click thread line to collapse