
253 points akyuu | 1 comments
quaintdev ◴[] No.45946006[source]
I do not have a solution for a blog like this, but if you are self-hosting I recommend enabling mTLS on your reverse proxy.

I'm doing this for a dozen services hosted at home. The reverse proxy just drops the request if the user does not present a certificate. My devices which can present a cert can connect seamlessly. It's a one-time setup, but once done you can forget about it.

SoftTalker ◴[] No.45946395[source]
That's fine if you're hosting stuff just for yourself but not really practical if you're hosting stuff you want others to be able to read, such as a blog.
lukevp ◴[] No.45946605[source]
You can mTLS to Cloudflare too, if you're not one of the anti-Cloudflare people. Then all traffic drops besides traffic that passes thru CF, and the mTLS handshake prevents bypassing CF.
1. BehindTheMath ◴[] No.45947942{3}[source]
You don't need mTLS for that. Just block all IPs besides Cloudflare's ranges.
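
Added example, not part of any comment in the thread: an origin-side sketch in Python of the IP allowlist check the last comment describes. The ranges are constructed placeholders from documentation address space (not Cloudflare's published ranges), and all function names are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space).
# A real deployment would load the CDN's published ranges instead.
ALLOWED_RANGES = ["203.0.113.0/24", "198.51.100.0/25", "2001:db8::/32"]


def parse_ranges(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def normalize(peer):
    """Return the peer as an address object.

    Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d, so
    IPv4-mapped IPv6 addresses are unwrapped before matching.
    """
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_allowed(peer, networks):
    """Decide from the socket peer address only.

    Client-supplied headers such as X-Forwarded-For are never consulted:
    they are not evidence of where the TCP connection came from.
    Anything that does not parse as a single address is rejected.
    """
    try:
        addr = normalize(peer)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    nets = parse_ranges(ALLOWED_RANGES)
    # Constructed sample peers.
    for peer in ["203.0.113.7", "::ffff:203.0.113.7", "198.51.100.200",
                 "2001:db8::1", "192.0.2.1", "203.0.113.7, 10.0.0.1"]:
        print(f"{peer!r:28} -> {'accept' if is_allowed(peer, nets) else 'drop'}")
```
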