Solution to Origin Server IP Address Exposure
When AAD is used, exposure of the origin server's IP address could lead to direct attacks on it, circumventing the AAD protection. In such cases, you are advised to change the origin server IP address.
Prior to updating the origin server's IP address, assess any potential vulnerabilities that led to the exposure, preventing the new IP address from being exposed again.
DNS Resolution Record Check
Verify the DNS resolution records for the previously attacked origin server IP to confirm that all domain names have been resolved to AAD CNAMEs or IP addresses.
Information Leakage and Command Execution Vulnerabilities
Check whether the website or service system has vulnerabilities that could lead to information leakage, such as phpinfo() leakage and GitHub information leakage.
Check whether the website or service system has command execution vulnerabilities.
Other Suggestions
Avoid selecting a new origin server IP address within the same or adjacent network segment as the old one to prevent attackers from scanning the c-blocks and adjacent IP segments.
You are advised to prepare backup links and backup IP addresses in advance.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot