The basic process for evading cloud WAFs is:
- Determine if the host is behind a cloud WAF (Cloudflare (server: cloudflare), Incapsula (x-cdn: Incapsula), Securi, Fastly, AWS WAF/V2, etc.). Usually involves review response headers.
- Attempt to discover the origin IPs by reviewing the history of IP addresses for the domain, something like: https://viewdns.info/iphistory/?domain=example.com
- Submit a request to each identified IP, using the Host header of the original target.
- Compare the response from the new IPs to the original response to see if they are similar. If they are, an origin IP address may have been discovered.
The basic process for evading cloud WAFs is: