Is there a reason other than avoiding infrastructure centralization not to put a web server behind cloudflare?
Comment on Why are anime catgirls blocking my access to the Linux kernel?
poVoq@slrpnk.net 18 hours agoAnd it was/is for sure the lesser evil compared to what most others did: put the site behind Cloudflare.
I feel people that complain about Anubis have never had their server overheat and shut down on a almost daily basis because of AI scrapers 🤦
mobotsar@sh.itjust.works 11 hours ago
poVoq@slrpnk.net 9 hours ago
Yes, because Cloudflare routinely blocks entire IP ranges and puts people into endless captcha loops. And it snoops on all traffic and collects a lot of metadata about all your site visitors. And if you let them terminate TLS they will even analyse the passwords that people use to log into the services you run. It’s basically a huge survelliance dragnet and probably a front for the NSA.
bjoern_tantau@swg-empire.de 10 hours ago
Cloudflare would need https keys so they could read all the content you worked so hard to encrypt. If I wanted to do bad shit I would apply at Cloudflare.
mobotsar@sh.itjust.works 10 hours ago
Maybe I’m misunderstanding what “behind cloudflare” means in this context, but I have a couple of my sites proxied through cloudflare to prevent scrapers, and they definitely don’t have my keys.
starkzarn@infosec.pub 8 hours ago
That’s because they just terminate TLS at their end. Your DNS record is “poisoned” by the orange cloud and their infrastructure answers for you. They happen to have a trusted root CA so they just present one of their own certificates with a SAN that matches your domain and your browser trusts it. Bingo, TLS termination at CF servers. They have it in cleartext then and just re-encrypt it with your origin server if you enforce TLS, but at that point it’s meaningless.
bjoern_tantau@swg-empire.de 9 hours ago
Hmm, I should look up how that works.
interdimensionalmeme@lemmy.ml 12 hours ago
Unless you have a dirty heatsink, no amount of hammering would make the server overheat
poVoq@slrpnk.net 12 hours ago
Are you explaining my own server to me? 🙄
interdimensionalmeme@lemmy.ml 12 hours ago
What CPU do you have made after 2004 that doesn’t have automatic temperature control ?
I don’t think there is any, unless you somehow managed to disable it ?
Even a raspberry pi without a heatsink won’t overheat to shutdownpoVoq@slrpnk.net 12 hours ago
You are right, it is actually worse, it usually just overloads the CPU so badly that it starts to throttle and then I can’t even access the server via SSH anymore. But sometimes it also crashes the server so that it reboots, and yes that can happen on modern CPUs as well.
tofu@lemmy.nocturnal.garden 17 hours ago
Yeah, I’m just wondering what’s going to follow.
rtxn@lemmy.world 16 hours ago
The developer is working on upgrades and better tools. xeiaso.net/…/avoiding-becoming-peg-dependency/
grysbok@lemmy.sdf.org 13 hours ago
I’ll say the developer is also very responsive. They’re (ambiguous ‘they’, not sure of pronouns) active in a libraries-fighting-bots slack channel I’m on. Libraries have been hit hard by the bots: we have hoards of tasty archives and we don’t have money to throw resources at the problem.
lilith267@lemmy.blahaj.zone 9 hours ago
The Anubis repo has an enbyware emblem fun fact :D
tofu@lemmy.nocturnal.garden 15 hours ago
Cool, thanks for posting! Also the reasoning for the image is cool.