knowing when to trust a login page on a Cloudflare site (infosec.pub)

submitted 7 months ago* (last edited 7 months ago) by coffeeClean@infosec.pub to c/cybersecurity@infosec.pub

8 comments fedilink hide all child comments

Question for people willing to visit Cloudflare sites:

How do you determine whether to trust a login page on a CF site? A sloppy or naïve admin would simply take the basic steps to putting their site on Cloudflare, in which case the authentication traffic traverses CF. Diligent admins setup a separate non-CF host for authentication.

Doing a view-source on the login page and inspecting the code seems like a lot of effort. The source for the lemmy.world login page is not humanly readable. It looks as if they obfuscated the URLs to make them less readable. Is there a reasonably convenient way to check where the creds go? Do you supply bogus login info and then check the httpput headers?

you are viewing a single comment's thread
view the rest of the comments

[-] glowie@h4x0r.host 4 points 7 months ago

Yes, CF can view your login creds as the reverse-proxy effectively acts as a MitM handling the encryption and decryption.

[-] coffeeClean@infosec.pub 1 points 7 months ago* (last edited 7 months ago)

It’s not always the case though. If you look at vivaldi.net and stackexchange, the creds take a CF-free path.

this post was submitted on 27 Mar 2024

11 points (76.2% liked)

cybersecurity

3217 readers

1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub