This behavior only works when the reverse proxy or CDN is configured like this: Proxy/CDN: HT...

shishcat • yesterday at 9:58 PM • 3 replies • view on HN

This behavior only works when the reverse proxy or CDN is configured like this:

Proxy/CDN: HTTPS (443) → Origin server: plain HTTP (80)

(example: Cloudflare in Flexible mode)

If the origin server uses any proper TLS configuration, even a self-signed certificate, this method stops working. It only succeeds when the upstream connection to the origin is unsecured.

If you want to test this on a random site without Cloudflare or reverse proxy in general on HTTP: curl http://www.digiboy.ir/boobs.jpg -v

Replies

mort96 • yesterday at 11:07 PM

Ah, Cloudflare. The world's most widely deployed encryption remover.

➕ show 2 replies

bobmcnamara • yesterday at 11:44 PM

It'll also work DigiNotar-style, when using the only root CA blessed by the National Information Network for general use: I.R. Iran.

huflungdung • today at 1:22 AM

Digiboy is a treasure trove of enterprise software. Where else would I get a pirated hpe ilo license from?

alt Hacker News

Replies