Avoiding Web Cache Poisoning Attacks

Cache poisoning attacks result in malicious responses that are cached and served to other users.


Overview

A cache poisoning attack uses an HTTP request to trick an origin web server into responding with a harmful resource that has the same cache key as a clean request. As a result, the poisoned resource gets cached and served to other users.

Content Delivery Networks (CDNs) like Cloudflare rely on cache keys to compare new requests against cached resources and determine whether the resource should be served from the cache or requested directly from the origin web server.


Recommendations for avoiding cache poisoning

Below are some recommendations to help you prepare against cache poisoning vulnerabilities and attacks.

Learn about cache poisoning

To deepen your understanding of the risks and vulnerabilities associated with cache poisoning, consult the following resources:

Only cache files that are truly static

Review the caching configuration for your origin web server and ensure that you’re caching files that are static and do not depend on user input in any way.

To learn more about Cloudflare caching, review:

Do not trust data in HTTP headers

Client-side vulnerabilities, including cross-site scripting (XSS), are often exploited through HTTP headers.

In general, you should not trust the data in HTTP headers and as such:

  • Do not rely on values in HTTP headers if they’re not part of your cache key.
  • Never return HTTP headers to users in cached content.
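
The following is an added example, not code from Cloudflare or from this article. It models a cache in front of an origin that reflects a header outside the cache key, beside a corrected origin, and includes a check that flags such unkeyed inputs. It assumes a cache key of path plus Host and uses X-Forwarded-Host as the unkeyed header; all function names and host values are hypothetical.

```python
# Added illustration: a toy cache in front of two origin handlers.
# Assumption: the cache key is the path plus the Host header only.
KEYED_HEADERS = ("host",)
CANONICAL_HOST = "www.example.com"  # constructed sample value

def cache_key(path, headers):
    return (path,) + tuple(headers.get(h, "") for h in KEYED_HEADERS)

def origin_weak(path, headers):
    # Weak: builds markup from X-Forwarded-Host, which is not keyed.
    host = headers.get("x-forwarded-host", headers["host"])
    return f'<script src="https://{host}/app.js"></script>'

def origin_fixed(path, headers):
    # Corrected: the host comes from server configuration, not the request.
    return f'<script src="https://{CANONICAL_HOST}/app.js"></script>'

class Cache:
    def __init__(self, origin):
        self.origin, self.store = origin, {}

    def fetch(self, path, headers):
        key = cache_key(path, headers)
        if key not in self.store:          # miss: ask origin, then store
            self.store[key] = self.origin(path, headers)
        return self.store[key]

def unkeyed_inputs(origin, path, base, candidates, marker="probe.invalid"):
    """Headers that change the response body without changing the cache key."""
    baseline, found = origin(path, base), []
    for name in candidates:
        probe = {**base, name: marker}
        same_key = cache_key(path, probe) == cache_key(path, base)
        if same_key and origin(path, probe) != baseline:
            found.append(name)
    return found

def second_visitor_body(origin, marker="probe.invalid"):
    """What a clean request receives after a request carrying the header."""
    cache = Cache(origin)
    clean = {"host": CANONICAL_HOST}
    cache.fetch("/", {**clean, "x-forwarded-host": marker})
    return cache.fetch("/", clean)

if __name__ == "__main__":
    base = {"host": CANONICAL_HOST}
    names = ["host", "x-forwarded-host", "x-forwarded-proto"]
    for origin in (origin_weak, origin_fixed):
        print(origin.__name__, unkeyed_inputs(origin, "/", base, names),
              second_visitor_body(origin))
```

The Host header is not reported because changing it also changes the cache key, so each value gets its own cache entry.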

Monitor web security advisories

To keep informed about Internet security threats, it is important to monitor web security advisories on a regular basis. Some of the more popular advisories include:
