Ask some questions
Hello RyanJarv,
May I ask some questions? In this article https://blog.apnic.net/2022/05/19/bypassing-cdn-wafs-with-alternate-domain-routing/ you said that to exploit this, you have to know the origin's IP. But if the origin is S3, such as m4ra7h0nawsbucket.s3.amazon.com, can this also be considered as knowing the IP of the origin?
What's the sharing IP? How can I configure CloudFront to use the sharing IP? My S3 bucket is configured to allow CloudFront GetObject, but it must be the E4WXVQBM5CX0A distribution. In this situation, can anyone bypass the CloudFront WAF?
> But if the origin is S3, such as m4ra7h0nawsbucket.s3.amazon.com, can this also be considered as knowing the IP of the origin?
Technically yes, but I would consider S3 an edge case here.
> What's the sharing IP? How can I configure CloudFront to use the sharing IP? My S3 bucket is configured to allow CloudFront GetObject, but it must be the E4WXVQBM5CX0A distribution. In this situation, can anyone bypass the CloudFront WAF?
No, not with cdn-proxy anyway. CloudFront is doing sig-v4 signing on requests to the bucket and S3 will reject any requests that aren’t signed this way. I’d look into how OAI works if you're interested in learning more.
Thanks, I understand.
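
Added example (not part of the original thread and not code from cdn-proxy): a small Python audit of a bucket policy for the setup described in the question, reporting whether each `s3:GetObject` grant is pinned to one CloudFront distribution, uses an OAI, or is open. It assumes the grant uses the CloudFront service principal with an `AWS:SourceArn` condition; the account ID, bucket name and function names are constructed placeholders.

```python
import json

# Constructed sample policy: account ID and bucket name are placeholders;
# the distribution ID is the one mentioned in the question.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
    "Condition": {"StringEquals": {"AWS:SourceArn":
        "arn:aws:cloudfront::111122223333:distribution/E4WXVQBM5CX0A"}},
}]})

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _source_arns(stmt):
    """AWS:SourceArn values from exact-match operators (names are case-insensitive)."""
    arns = []
    for op, kv in stmt.get("Condition", {}).items():
        if op.lower() in ("stringequals", "arnequals"):
            arns += [a for k, v in kv.items() if k.lower() == "aws:sourcearn" for a in _as_list(v)]
    return arns

def audit_get_object(policy_json, distribution_id):
    """One finding per Allow statement granting s3:GetObject (exact action names only)."""
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"s3:getobject", "s3:*", "*"}:
            continue
        principal = stmt.get("Principal")
        who = principal if isinstance(principal, dict) else {"AWS": principal}
        aws, svc = _as_list(who.get("AWS", [])), _as_list(who.get("Service", []))
        arns = _source_arns(stmt)
        if "*" in aws:  # anyone may read; a condition may still narrow it
            findings.append("public-with-condition" if stmt.get("Condition") else "public")
        elif "cloudfront.amazonaws.com" in svc:
            # Without an exact SourceArn match, the grant is not tied to one distribution.
            pinned = arns and all(a.endswith(":distribution/" + distribution_id) for a in arns)
            findings.append("pinned-to-distribution" if pinned else "not-pinned-to-distribution")
        elif any("CloudFront Origin Access Identity" in str(p) for p in aws):
            findings.append("oai")
        else:
            findings.append("other-principal")
    return findings

if __name__ == "__main__":
    print(audit_get_object(SAMPLE_POLICY, "E4WXVQBM5CX0A"))
```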