Ask some questions

[m4ra7h0n]

Hello RyanJarv,
May i ask some questions, at this article https://blog.apnic.net/2022/05/19/bypassing-cdn-wafs-with-alternate-domain-routing/ you talked about to exploit, you have to know origin's ip. But if the origin is s3, such as m4ra7h0nawsbucket.s3.amazon.com, can this also be considered as knowing the ip of orign?

What's the sharing ip? How can i configure the cloudfront to use sharing ip? My s3 bucket configure this to allow the cloudfront GetObject, but it must the E4WXVQBM5CX0A distribution. In this situation, if anyone can bypass the
cloudfront waf?

[RyanJarv]

But if the origin is s3, such as m4ra7h0nawsbucket.s3.amazon.com, can this also be considered as knowing the ip of orign?

Technically yes, but I would consider S3 an edge case here.

What's the sharing ip? How can i configure the cloudfront to use sharing ip? My s3 bucket configure this to allow the cloudfront GetObject, but it must the E4WXVQBM5CX0A distribution. In this situation, if anyone can bypass the cloudfront waf?

No, not with cdn-proxy anyway. CloudFrront is doing sig-v4 signing on requests to the bucket and S3 will reject any requests that aren’t signed this way. I’d look into how OAI works if your interested in learning more.

[m4ra7h0n]

Thanks, i understand.