@SurgeTeam
Some websites (specifically dash.cloudflare.com) have deployed a WAF rule that prevents modern browsers from using HTTPS + HTTP/1.1 at the same time.
The WAF rule is based on an assumption that modern browsers already support HTTP/2 and will use HTTP/2 by default on supported websites, so any HTTP request with a modern browser's User-Agent that uses HTTPS and HTTP/1.1 is considered an anomaly.
The way to reproduce:
- Open an Incognito Tab in the browser.
- Visit dash.cloudflare.com and there should be no Captcha.
- Close all Incognito Tabs.
- Enable HTTPS Decryption
- Add dash.cloudflare.com to the MitM HOSTNAMES
- Open a new Incognito Tab in the browser.
- Visit dash.cloudflare.com and the Captcha would appear.
- Do not solve the Captcha and close all Incognito Tabs.
- Remove dash.cloudflare.com from the MitM HOSTNAMES
- Open a new Incognito Tab in the browser.
- Visit dash.cloudflare.com and there should be no Captcha.
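The heuristic described in the report above, sketched as log-side detection logic over constructed sample lines. This is an added example, not code from Surge or Cloudflare; the log format, the version cut-offs and all function names are assumptions.

```python
import re

# Assumed cut-offs: first major version treated as "negotiates HTTP/2 by default".
# Illustrative values for this sketch, not taken from any real WAF rule set.
H2_CAPABLE = {"Chrome": 41, "Firefox": 36, "Version": 9}  # "Version/N" is Safari's token

# Assumed log format: <client> <scheme> <protocol> "<user-agent>"
LINE_RE = re.compile(r'^(\S+) (https?) (HTTP/[\d.]+) "([^"]*)"$')
UA_RE = re.compile(r'\b(Chrome|Firefox|Version)/(\d+)')

def claims_h2_browser(ua):
    """True if the User-Agent claims a browser new enough to prefer HTTP/2."""
    if not ua.startswith("Mozilla/5.0"):
        return False  # curl, scripts, monitoring agents: no expectation of h2
    return any(int(major) >= H2_CAPABLE[name] for name, major in UA_RE.findall(ua))

def is_anomaly(scheme, protocol, ua):
    """Modern-browser UA + TLS + HTTP/1.1: the mismatch the report describes."""
    return scheme == "https" and protocol == "HTTP/1.1" and claims_h2_browser(ua)

def flag(lines):
    """Return the client field of every line that matches the heuristic."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_anomaly(m.group(2), m.group(3), m.group(4)):
            hits.append(m.group(1))
    return hits

CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
OLD_CHROME = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36")

# Constructed sample lines (documentation-range addresses).
SAMPLE = [
    f'203.0.113.10 https HTTP/2.0 "{CHROME}"',      # direct browser connection
    f'203.0.113.11 https HTTP/1.1 "{CHROME}"',      # same UA via an HTTP/1.1-only TLS proxy
    '203.0.113.12 https HTTP/1.1 "curl/8.4.0"',     # non-browser client
    f'203.0.113.13 http HTTP/1.1 "{CHROME}"',       # cleartext: browsers do not use h2 here
    f'203.0.113.14 https HTTP/1.1 "{OLD_CHROME}"',  # browser older than the cut-off
]

if __name__ == "__main__":
    for client in flag(SAMPLE):
        print("protocol/UA mismatch from", client)
```

Only the second sample line is flagged, which corresponds to the reproduction step where HTTPS Decryption is enabled for the hostname and the Captcha appears.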