CJW

CJW Personal Blog

Sharing networking knowledge and notes

Hide Backblaze B2 bucket paths through CloudFlare Transform Rules

An earlier article titled "Backblaze B2, low-cost object storage, supports integration with CloudFlare CDN" gave a tutorial on integrating Backblaze B2 with CloudFlare CDN. However, that setup has a flaw: the B2 URL exposes the bucket name, so anyone can use your CloudFlare-accelerated domain to accelerate Backblaze B2, or directly access the source site for fraudulent activities. This is not only unfriendly but also unsafe.

For example:

The format of the URL provided by B2 is: https://f002.backblazeb2.com/file/bucket/xxx.txt

After enabling CloudFlare acceleration, the URL becomes: https://b2.domain.com/file/bucket/xxx.txt

If I create a bucket named "xiaoz" in B2, I can then reach it through your CloudFlare domain at https://b2.domain.com/file/xiaoz/xxx.txt, which consumes your CloudFlare traffic.

Or I can directly access your source site at https://f002.backblazeb2.com/file/xiaoz/xxx.txt to steal traffic.

The purpose of this article is to remove B2's unfriendly URL path prefix and hide the "file/bucket/" part.

Preparation:
If your B2 domain name has not been integrated with CloudFlare, please refer to this article: https://blog.xiaoz.org/archives/13256 for integration.

Create Transform Rules:
CloudFlare dashboard - Rules - Transform Rules - Create Transform Rule - Rewrite URL

Continue filling in:

Rule name: Write anything
Field: Select "Hostname"
Operator: Select "Equals"
Value: Fill in the acceleration domain name for B2 on CloudFlare (your own domain name)

Then, for the path, select "Rewrite to", choose "Dynamic", and fill in:

concat("/file/bucket", http.request.uri.path)

Replace "bucket" with your own storage bucket name, then click Deploy.

Optimization:
Before optimization, our access path is: https://b2.domain.com/file/bucket/xxx.txt

After optimization, the path becomes: https://b2.domain.com/xxx.txt

As you can see, "file/bucket/" has been removed.

Remove unnecessary response headers:
Backblaze B2 adds the following headers to its responses:

x-bz-content-sha1
x-bz-file-id
x-bz-file-name
x-bz-upload-timestamp

Although they have little impact, these headers reveal that you are using B2, and they are generally not useful. We can also remove them using CloudFlare's rewrite rules.

Still in the Transform Rules section - Create Transform Rule - Modify Response Header.

The hostname part is the same as above.

Then select "Remove" as the operation for each header, and fill in the header names listed above.
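
The effect of the two rules above, as an added offline model in Python (not code from the original article). The origin contents, header values and 404 behaviour are constructed for illustration; the hostname, bucket names, rewrite expression and header names are the ones used in this article.

```python
from urllib.parse import urlsplit

PROXY_HOST = "b2.domain.com"   # accelerated hostname used in the article
BUCKET = "bucket"              # bucket name placed in the rewrite rule
BZ_HEADERS = {"x-bz-content-sha1", "x-bz-file-id",
              "x-bz-file-name", "x-bz-upload-timestamp"}

# Constructed origin contents: B2 serves public files at /file/<bucket>/<name>.
ORIGIN = {"/file/bucket/xxx.txt": "site owner",
          "/file/xiaoz/xxx.txt": "third party"}

def rewrite_path(host, path):
    """Model of the URL rewrite rule: when Hostname equals PROXY_HOST,
    path = concat("/file/bucket", http.request.uri.path)."""
    return "/file/" + BUCKET + path if host == PROXY_HOST else path

def origin_fetch(path):
    """Model of the B2 download endpoint, including its x-bz-* headers."""
    if path not in ORIGIN:
        return 404, {}, None
    headers = {"content-type": "text/plain",
               "x-bz-content-sha1": "constructed-sha1",
               "x-bz-file-id": "constructed-id",
               "x-bz-file-name": path.split("/", 3)[3],
               "x-bz-upload-timestamp": "0"}
    return 200, headers, ORIGIN[path]

def via_cloudflare(url, rules_enabled=True):
    """Return (status, headers, owner) for a request sent to the proxy."""
    parts = urlsplit(url)
    path = parts.path
    if rules_enabled:
        path = rewrite_path(parts.hostname, path)
    status, headers, owner = origin_fetch(path)
    if rules_enabled and parts.hostname == PROXY_HOST:
        # Model of the "Modify Response Header" rule: remove the B2 headers.
        headers = {k: v for k, v in headers.items() if k not in BZ_HEADERS}
    return status, headers, owner

if __name__ == "__main__":
    for url in ("https://b2.domain.com/xxx.txt",
                "https://b2.domain.com/file/xiaoz/xxx.txt",
                "https://b2.domain.com/file/bucket/xxx.txt"):
        for enabled in (False, True):
            status, headers, owner = via_cloudflare(url, enabled)
            leaked = sorted(h for h in headers if h in BZ_HEADERS)
            print(enabled, url, status, owner, leaked)
```

With the rules on, the old /file/bucket/... URLs return 404 in this model, so existing links need updating. Requests sent directly to the B2 hostname never pass through CloudFlare and are unaffected by either rule.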

Summary:
The transfer traffic between CloudFlare and Backblaze B2 is free. By using CloudFlare Transform Rules, the bucket name can be hidden, making the URL more user-friendly and, to some extent, reducing the risk of Backblaze B2 being used for fraudulent activities.
