NullRabbit

Posts tagged request smuggling.

CLOUDFLARE
2026-06-26

We slipped a path past Cloudflare's edge. The fix is one checkbox.

Cloudflare resolves dot-segments in a URL only far enough to reject the obvious escapes, then forwards the raw, still-encoded path to your origin, which quietly resolves it the rest of the way. Your edge rules see one path; your server serves another. Cloudflare even warns you about it, in a banner most people scroll past.

Simon Morley
5 min read