Cloudflare #general-discussions

Join Discord

astatine

04/04/2023, 10:18 PM

Yall have a good day 👍

Strike

04/04/2023, 11:05 PM

Now try spoofing user agents even once

lgraz

04/05/2023, 1:25 AM

email server

04/05/2023, 3:42 AM

is it possible to use reverse proxy to have a JavaScript injection to change some elements or hide some elements in a entire subdomain

Slush

04/05/2023, 4:49 AM

You can try WAF in combination from disable IT in X-Robots and with rate limiting ig

niceglasses

04/05/2023, 5:09 AM

Is it possible to stop a specific script from loading using cloudflare? We have a big site, nobody internally recognises the following script, it can't be found in the HTML and we have no clue if its some malware or how its possible that Google Speed Insights is detecting this script loading 7x times https://cdn.stickyadstv.com/mustang/vpaid-adapter.min.js It seems to load 7x sometimes, it doesn't load at all some other times on the exact same page

Slush

04/05/2023, 6:01 AM

I think you can Block IT with the Contest Security Header

Slush

04/05/2023, 6:04 AM

I think I got it to destroy CF Warp

Slush

04/05/2023, 6:05 AM

I turned WARP .9 Sec on before it registered the Zero Trust O.o

niceglasses

04/05/2023, 6:45 AM

wouldn't that block all external scripts? we have plenty that we do need to load, its just that specific one

Slush

04/05/2023, 6:46 AM

Isnt it so that you can also add just one source? BUt as I know you can block it in the Rules ig

niceglasses

04/05/2023, 6:47 AM

I've never even used workers i guess ill have to learn now then.. ive no idea where to start but that sounds solid

niceglasses

04/05/2023, 6:48 AM

is this what i need to familiarize myself with to set that up? https://developers.cloudflare.com/workers/examples/security-headers/

Slush

04/05/2023, 6:49 AM

I dont also use workers lol

niceglasses

04/05/2023, 6:49 AM

oh so how are you setting that up then?

Slush

04/05/2023, 6:49 AM

If its on my private Network with CF Tunnel and anything else normally via A and AAA records

Slush

04/05/2023, 6:51 AM

And if I tunnels is crashing the whole time the next days I'll switch to anything else

Slush

04/05/2023, 6:51 AM

More Spam and disconnects and its used ;-;

niceglasses

04/05/2023, 6:51 AM

🤯 you just opened up my possibilities

niceglasses

04/05/2023, 6:51 AM

thanks

Slush

04/05/2023, 6:51 AM

lel

Leo

04/05/2023, 6:52 AM

You can use response header transform rules to add the header

Slush

04/05/2023, 6:54 AM

Yes

Slush

04/05/2023, 6:55 AM

Thats the only possibility I see rn.

HardAtWork

04/05/2023, 6:56 AM

You can also HTMLRewrite the script off the page?

Slush

04/05/2023, 6:56 AM

Yes I'm looking rn for the JavaScript Script I have

Slush

04/05/2023, 6:57 AM

nvmd I did something copletely different there

Slush

04/05/2023, 6:58 AM

The problem is it is still loaded or not?

HardAtWork

04/05/2023, 6:58 AM

The script can’t load if it doesn’t exist

Leo

04/05/2023, 7:17 AM

But he said the script wasn’t in the html