How to bypass firewall like Cloudflare or Sucuri

How to bypass firewall (WAF) like Cloudflare or Sucuri

If your targeted site is prevented by the firewall and they are not properly applied the firewall bypassing prevention then there is a common way to test. This is for only learning purposes. This article is to learn how to bypass firewall. Do not use this method to attack someone’s computer.

To test a site of bypassing firewall use the following command from the terminal

$ curl -H "host: www.your-domain-name.com" https://38.60.239.249 -kIL
HTTP/2 200 
server: nginx
date: Tue, 24 Dec 2019 21:09:42 GMT

You are seeing the IP of original hosting. But of the bypass firewall prevention was enabled then you will see the information like below:

After Bypass prvention:
$ curl -H "host: www.your-domain-name.com" https://37.60.239.247 -kIL
HTTP/2 403 
server: nginx
date: Tue, 24 Dec 2019 21:10:56 GMT

You can see the difference between the response code.

This is what we are looking for when bypassing the Firewall. To ensure it is correctly set we need to test the connection through the Firewall IP:

$ curl -H "host: www.your-domain-name.com" https://192.125.249.105 -kIL
HTTP/2 200 
server: nginx
date: Tue, 24 Dec 2019 21:11:18 GMT

This shows the connection is correctly passing through the Firewall. Additionally, I can confirm that the site is loading correctly after the bypassing firewall prevention. You can see this here:

See the response from the image below.