...that's a Cloudflare security page. Is this a default setting for one of Cloudflare's security options, or did Algolia specifically add this to some edge detection worker or something? I'm curious which party is being ridiculous.
So much for CloudFlare's stance on free speech, I'm being censored for comedy!
(The title is a wordplay on What We Do in the Shadows.)
Joke aside, I can understand why, generally, protecting from /etc/shadow disclosures is a good default, but it should be possible to disable this particular protection. If anyone knows how, that'd be good to share.
Ohhh Cloudflare. I have to wonder how many sites are left that are actually vulnerable to having their shadow file dumped. Even for the sites that have filesystem traversal vulns, how many of those would cough up something publicly accessible from the shadow file?
eg try this
https://hn.algolia.com/?query=What%20We%20Do%20in%20the%20%2...