Post AWg5RzqEYWxLLsG7SS by rysiek@mstdn.social
(DIR) More posts by rysiek@mstdn.social
(DIR) Post #AWg5RyryAakaKy3zWa by tekkie@mstdn.social
2023-04-13T09:54:59Z
0 likes, 0 repeats
Even on a very small static website #Cloudflare makes a difference. #Security #InfoSec
(DIR) Post #AWg5RzqEYWxLLsG7SS by rysiek@mstdn.social
2023-04-13T09:58:37Z
1 likes, 0 repeats
@tekkie yeah, a bunch of people will avoid it. Plus, there is no info what #CloudFlare considers an "event" and why it needed "mitigation". And if it's a small site, presumably going static would be feasible, which would remove a gigantic amount of attack surface, without putting a spying gatekeeper between the site and its visitors.
(DIR) Post #AWg5SZiLBM26boqK9Y by digitalRightsNinja@fedi.at
2023-06-14T07:43:09Z
2 likes, 0 repeats
@rysiek Indeed. For example, #Cloudflare considers Tor users like myself to be malicious. So my legit access to the above mentioned website would have blocked me and incremented that count that users sadly believe are true positives for malicious attempts.@tekkie
(DIR) Post #AWg5Syw1PcpapUR6Rs by tekkie@mstdn.social
2023-06-14T08:36:54Z
0 likes, 0 repeats
@digitalRightsNinja @rysiek unfortunately Tor nodes are traditionally blocked because there's a lot malicious action originating from them. The entire ranges for those Tor nodes are often completely red when it comes to abuse scoring.
(DIR) Post #AWg5SzhAaKXrBiUkwC by rysiek@mstdn.social
2023-06-14T09:24:47Z
1 likes, 1 repeats
@tekkie @digitalRightsNinja scoring by whom, for what purpose?Why do I care if a Tor node is "red" in that sense if my site is static and there's not much to abuse? What kind of "events" did CloudFlare "mitigate" for you on a static site that would not be mitigated by the fact that the site is static?After doing some serious web hosting work, I really doubt that blocking Tor makes a difference, unless we're talking dynamic websites that allow anonymous interactions.