Cache Poisoning Cloudflare | How To Protect It?

Cache poisoning on Cloudflare is the act of inserting deceptive information into Cloudflare’s DNS cache, causing DNS requests to return inaccurate responses and sending users to the wrong websites. We at Skynats can take care of your Cloudflare issues with our Server Management Services.

Cloudflare Cache Poisoning

The act of adding false information to a DNS cache, also referred to as DNS spoofing, results in DNS requests returning an incorrect response and redirecting users to the wrong domains.

How Does Cache Poisoning Work?

In the web-cache form of the attack, a malicious user crafts an HTTP request that tricks the origin into creating a “poisoned” version of index.html, which is stored under the same cache key as an innocent request. Once it is cached, other users might obtain this file. We take this vulnerability very seriously because an attacker can insert any data or resources into a customer’s website.

Some origins build their responses from HTTP request header data that is not part of the cache key. Let’s look at an example to get a better understanding.

REQUEST

GET /2019/08/20/cache.html HTTP/1.1
Host: blog.skynats.com
X-Forwarded-Host: skynats.bloghost.com

RESPONSE

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800

<html>
<img src="https://skynats.bloghost.com/img/share.jpg"/>

Because the origin reflects the header value into the page it returns, an attacker can abuse that value:

REQUEST

GET /2019/08/20/cache.html HTTP/1.1
Host: blog.skynats.com
X-Forwarded-Host: a."><script>alert(1)</script>

RESPONSE

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800

<html>
<img src="https://a."><script>alert(1)</script>/img/share.jpg"/>

Now the attacker can execute arbitrary JavaScript on this page, and every user who is served the cached copy receives it. Other variations of the attack might trick a client into downloading a malicious resource that appears to be benign. The X-Forwarded-Host header is present in many requests that have passed through another proxy before reaching Cloudflare, and some origins use its value when they serve web pages.
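The request/response pair above can be modeled offline. This is an added example, not code from the original post or from Cloudflare: a toy cache keyed on method, Host and path sits in front of an origin that reflects X-Forwarded-Host, next to a hardened origin and, as an option the post does not itself list, a cache that also keys on the header. The names Cache, origin_vulnerable, origin_hardened and victim_sees, and the host untrusted.example, are assumptions made for illustration.

```python
# Added example: toy model of a cache whose key ignores X-Forwarded-Host.
# All function/class names and "untrusted.example" are hypothetical.
import html

CANONICAL_HOST = "skynats.bloghost.com"   # asset host taken from the page's example
ALLOWED_HOSTS = {CANONICAL_HOST}

def origin_vulnerable(path, headers):
    # Reflects the header straight into the markup (the flaw described above).
    host = headers.get("X-Forwarded-Host", CANONICAL_HOST)
    return f'<html><img src="https://{host}/img/share.jpg"/>'

def origin_hardened(path, headers):
    # Uses the header only if it is on an allowlist, and escapes it on output.
    host = headers.get("X-Forwarded-Host", CANONICAL_HOST)
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    return f'<html><img src="https://{html.escape(host, quote=True)}/img/share.jpg"/>'

class Cache:
    """Caches by (method, Host, path); any header not in keyed_headers is unkeyed."""
    def __init__(self, origin, keyed_headers=()):
        self.origin, self.keyed_headers, self.store = origin, keyed_headers, {}

    def get(self, path, headers):
        key = ("GET", headers["Host"], path) + tuple(
            headers.get(h) for h in self.keyed_headers)
        if key not in self.store:          # cache miss: ask the origin and store
            self.store[key] = self.origin(path, headers)
        return self.store[key]

def victim_sees(cache):
    path = "/2019/08/20/cache.html"
    # Constructed requests: the first carries an untrusted header value,
    # the second is an ordinary visitor who sends no such header.
    cache.get(path, {"Host": "blog.skynats.com", "X-Forwarded-Host": "untrusted.example"})
    return cache.get(path, {"Host": "blog.skynats.com"})

if __name__ == "__main__":
    print("vulnerable origin :", victim_sees(Cache(origin_vulnerable)))
    print("hardened origin   :", victim_sees(Cache(origin_hardened)))
    print("header in the key :", victim_sees(
        Cache(origin_vulnerable, keyed_headers=("X-Forwarded-Host",))))
```

Only the first configuration serves the ordinary visitor a page that points at the untrusted host; the other two return the canonical asset URL.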

Preventative Measures Against Cache Poisoning

Learn about cache poisoning

First off, deeper comprehension of the problem enables us to implement the proper preventive measures.

Fully static cache files

Check the cache settings for the origin web server to ensure that we are only caching static files that do not in any way depend on user input.

Never rely on information from HTTP headers

Cross-site scripting and other client-side vulnerabilities are frequently exploited using HTTP headers. Don’t ever depend on HTTP header data to build the content of a response.

Don’t depend on GET request bodies

GET request bodies are unreliable, and we shouldn’t use them to modify the contents of responses. If a GET body can change the contents of the response, consider bypassing the cache or using a POST request.

Monitor web security

It is equally crucial to regularly check web security advisories. The most well-known advisories are Drupal Security Advisories, Zend Security Advisories, and Symfony Security Advisories.

Conclusion

Cache poisoning is a significant risk that can compromise system security. Here, our Technical Support team offers some basic preventive measures for cache poisoning on Cloudflare in order to stop such attacks.
