You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -71,7 +71,7 @@ Cloudflare automatically runs risk scans every 24 hours on your saved endpoints.
71
71
72
72
`cf-risk-bola-enumeration`: Automatically added when an endpoint experiences successful responses with drastic differences in the number of unique elements requested by different user sessions.
73
73
74
-
`cf-risk-bola-pollution`: Automatically added when an endpoint experiences successful responses where parameters are found in multiple places in the request.
74
+
`cf-risk-bola-pollution`: Automatically added when an endpoint experiences successful responses where parameters are found in multiple places in the request, as opposed to what is expected from the API's schema.
75
75
76
76
:::note
77
77
Cloudflare will only add authentication labels to endpoints with successful response codes. Refer to the below table for more details.
Copy file name to clipboardExpand all lines: src/content/docs/api-shield/security/bola-attack-detection.mdx
+7-9Lines changed: 7 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ import { Badge } from "~/components";
13
13
14
14
A Broken Object Level Authorization (BOLA) attack is where an application or API fails to properly verify if a user has permission to access specific private data.
15
15
16
-
Bugs in the application or API allow attackers to bypass authorization checks and access sensitive information by manipulating and iterating through object identifiers
16
+
Bugs in the application or API allow attackers to bypass authorization checks and access sensitive information by manipulating and iterating through object identifiers.
17
17
18
18
Vulnerabilities can occur at any time, including in the original application's deployment. However, changes or upgrades to authentication and authorization policies can also introduce these bugs.
19
19
@@ -25,10 +25,12 @@ Cloudflare labels endpoints with BOLA risk when we detect two distinct signals c
25
25
26
26
This behavior may be indicative of attackers trying to confuse the API’s authorization system and bypass security controls.
27
27
28
-
-**Enumeration**: Cloudflare detects anomalies where one or more sessions makes successful requests to any one API endpoint changing variable values out of the norm, trying to get information from the API.
28
+
-**Enumeration**: Cloudflare detects anomalies where one or more sessions makes successful requests to any one API endpoint that changes variable values trying to get information from the API.
29
29
30
30
:::note
31
31
Sessions that have more random behavior or repetition have a higher chance of triggering an alert.
32
+
33
+
The BOLA enumeration label requires an endpoint to have seen at least 10,000 sessions before being eligible for outlier detection.
32
34
:::
33
35
34
36
## Examples
@@ -49,18 +51,14 @@ Sessions that have more random behavior or repetition have a higher chance of tr
49
51
50
52
## Process
51
53
52
-
For beta customers, API Shield searches for and highlights BOLA attacks on your APIs. Cloudflare learns visitor traffic patterns over time to know when API access to specific objects is likely a Broken Object Level Authorization enumeration attack. We inform you what API endpoints are being targeted by automatically labeling them using the following risk labels:
54
+
For beta customers, API Shield searches for and highlights BOLA attacks on your APIs. Cloudflare learns visitor traffic patterns over time to know when API access to specific objects is likely a BOLA enumeration attack. We inform you what API endpoints are being targeted by automatically labeling them using the following risk labels:
53
55
54
56
`cf-risk-bola-enumeration`: Automatically added when an endpoint experiences successful responses with drastic differences in the number of unique elements requested by different user sessions.
55
57
56
-
`cf-risk-bola-pollution`: Automatically added when an endpoint experiences successful responses where parameters are found in multiple places in the request.
58
+
`cf-risk-bola-pollution`: Automatically added when an endpoint experiences successful responses where parameters are found in multiple places in the request, as opposed to what is expected from the API's schema.
57
59
58
60
If you see one of these labels on your API endpoints, check its authorization policy with your developer team to find any authorization bugs. Additionally, you can reach out to Cloudflare for a customized report about the behavior, including attacker identifiers that you can use to confirm attack reach and impact.
59
61
60
62
## Availability
61
63
62
-
BOLA attack detection is available in a closed beta. Contact your account team if you are interested in BOLA attack detection for your API.
63
-
64
-
## Limitations
65
-
66
-
The BOLA enumeration label requires an endpoint to have seen at least 10,000 sessions before being eligible for outlier detection.
64
+
BOLA attack detection is available in a closed beta. Contact your account team if you are interested in BOLA attack detection for your API.
0 commit comments