Developer builds tool to detect origin IP exposure that bypasses CDN protections

·1 views

A developer discovered that websites behind CDNs like Cloudflare or CloudFront can still be vulnerable if their origin server's IP address is publicly reachable. Attackers can uncover origin IPs through Certificate Transparency logs, historical DNS records, and overlooked subdomains such as mail or vpn that are never routed through the CDN. To address this, the developer built a Rust-based command-line tool called origin-exposure-check that replicates attacker discovery methods against a user's own domain. The tool enumerates candidate IPs, excludes known CDN edge ranges, and directly probes each remaining IP by forcing a TLS connection while spoofing the real hostname to see if the origin responds with site content. If the response matches the CDN-served baseline, the origin is flagged as exposed, giving site owners an early warning before attackers can exploit the gap.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Developer Details How He Fixed Five Hallucination Bugs in an AI Persona Chatbot

A developer building an AI persona named Jane — designed to respond in character rather than as a generic assistant — encountered repeated hallucination issues after initial testing appeared successful. The system used two parallel knowledge sources, project content and persona memories, retrieved before every reply to ground responses in real articles. The first major bug revealed that a broken retrieval index prevented the model from accessing saved content entirely, returning zero chunks per query. Subsequent bugs showed the model ignoring retrieved context due to conflicting prompt instructions, and blending real facts with invented details. Each issue was resolved through targeted fixes, including forcing index updates on every content save and restructuring the system prompt to explicitly tell the model it had already read the retrieved material.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

IONA OS Quick-Start Guide Covers Rust, Flux, GUI, and AI Syscalls for Native Apps

IONA OS is described as a complete platform for building native applications, supporting two programming languages: Rust for performance-critical tasks and Flux for AI, causal memory, and timeline features. Both languages interface with the kernel through a unified syscall API, allowing developers to access system metrics, AI queries, and memory management functions. The OS also includes a native GUI compositor called Glass, which supports 3D acceleration via VirGL and Vulkan. Additional features highlighted include WebAssembly sandboxing, background system services, and native blockchain integration through the IONA Protocol. The project, available at iona.zone, is reportedly built by a single developer over 13 years of independent research.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Power BI Workflow: Data Cleaning, Modeling, and Dashboard Building Explained

Power BI enables analysts to transform messy raw data into interactive dashboards through a structured three-stage workflow. The process begins in Power Query, where missing values, duplicates, and inaccuracies are addressed using techniques such as replacing nulls with placeholders or removing rows with excessive missing data. Next, data modeling organizes tables into logical structures using fact and dimension tables, with relationships defined through primary and foreign keys to enable cross-table analysis. Design patterns like the Star Schema — where a central fact table connects to multiple dimension tables — are recommended for their simplicity and query performance. The final stage involves building dashboards that visually communicate insights drawn from the cleaned and modeled data.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Engineers Push Open5GS 5G Core to 9 Gbps Using VPP and DPDK on Commodity Hardware

A software engineering team replaced the socket-based User Plane Function in an Open5GS 5G core with a pipeline built on VPP and DPDK, achieving 8.5–9 Gbps throughput on a standard 10G link. The original implementation peaked at around 850 Mbps because every packet had to pass through the Linux kernel, incurring memory copies, syscalls, and context switches at scale. By adopting DPDK's poll-mode drivers for kernel bypass and VPP's graph-node architecture for batch packet processing, the team eliminated those bottlenecks entirely. The new UPF integrates with Open5GS's Session Management Function via the PFCP control-plane protocol, allowing session rules to be applied at near line rate on commodity x86 hardware. Once software ceased to be the limiting factor, the team found the next constraint shifted to the PCIe bus rather than the NIC or processing logic.

0 comments Read more at DEV Community