Bypassing a WAF with a simple trick earned a $1000 bounty

Sep 3, 2023


Hi all.

My name is 0xbartita, let’s get started.

When I was hunting on a private program on HackerOne, I noticed that the program used Cloudflare on all subdomains (*). In that situation I usually go and search for the origin IP of the web application.

Origin IP of the Amazon server

I thought I had found the origin IP, 50.17.***.**, but when I requested it, it gave me 404 Not Found.

404 Not Found via the origin IP

Most hunters who see this error assume it is not the origin IP of the website.

This happens because the Host header is set by default to the IP you requested, so the server answers with its default virtual host instead of the site you are looking for.

But when I changed the Host header to the target domain, it showed me the same response as the domain itself, without the “Server: cloudflare” response header.

To make every request from my browser go to the origin IP instead of the Cloudflare IP, I go to Burp and use the redirect-to-host option to point the target domain at the origin IP.



When you face a 404 or any other error while trying to bypass the WAF via the origin IP, try changing the Host header to the target domain.
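From the defender's side, the root cause of this finding is an origin that serves the real virtual host to anyone who connects directly and sends the right Host header. Below is an added example (my own code, not from the post or the affected program) of the two checks an origin should apply before serving a request: the peer address must belong to the CDN's published ranges, and the Host header must name a vhost the origin actually hosts. The CDN ranges listed are a placeholder subset (assumption); load the provider's current published list at startup instead of hard-coding it.

```python
import ipaddress
from typing import Optional, Tuple

# Assumption: placeholder subset of the CDN's published ingress ranges.
# In production, fetch the live list from the provider and refresh it regularly.
CDN_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20",
    "103.21.244.0/22",
    "104.16.0.0/13",
    "172.64.0.0/13",
)]

# Constructed sample: the vhosts this origin is allowed to answer for.
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def from_cdn(remote_addr: str) -> bool:
    """True if the TCP peer address falls inside one of the CDN ranges."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(ip in net for net in CDN_RANGES)


def check_request(remote_addr: str, host_header: Optional[str]) -> Tuple[int, str]:
    """Decide whether the origin should serve this request.

    Returns an HTTP status and a short reason. Direct-to-origin connections
    (the bypass described in the post) are refused before any vhost lookup,
    and an unknown or missing Host header gets 421 instead of a default vhost.
    """
    if not from_cdn(remote_addr):
        return 403, "direct-to-origin connection refused"
    host = (host_header or "").split(":", 1)[0].strip().lower()
    if host not in ALLOWED_HOSTS:
        return 421, "misdirected request: unknown Host header"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed sample requests: via CDN, direct with raw IP as Host, direct with real Host.
    for peer, host in [("104.16.1.1", "www.example.com"),
                       ("50.17.1.2", "50.17.1.2"),
                       ("50.17.1.2", "www.example.com")]:
        print(peer, host, "->", check_request(peer, host))
```

The same peer-address allowlist is better enforced one layer down (host firewall or cloud security group) so that the origin's TCP port is unreachable from outside the CDN at all; the Host check then only protects against misconfigured or spoofed CDN traffic.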

