T4cC0re
- Karma
- 9
- Created
- January 17, 2020 (6y ago)
- Submissions
- 0
Infrastructure Site Reliability Engineer at GitLab
https://gitlab.com/T4cC0re
[ my public key: https://keybase.io/t4cc0re; my proof: https://keybase.io/t4cc0re/sigs/Vw1TN5gJiAUKaIH2oHyzzW-PV9j5r_2jiPC1NquFmJQ ]
I have raised this issue internally and we will contact our vendor to work with them on having those IPs removed from the block list. Those IPs are only in use by us, so blocks targeting other Cloudflare properties…
From a technical perspective, you are right. Anycast IPs are more fragile when routing within an open session, as a route change might cause traffic to go to a different PoP and thus break the connection. The point of…
First of all, CF cannot see or alter anything that happens in the SSH tunnel (except killing the connection), because the handshake is done with our servers and only those have the private keys that match our published…
That is a very good question. In general, what you can expect to see when visiting a Cloudflare site via Tor is a CAPTCHA challenge to authenticate your browser to show you're not a bot. As to whether we can enable the…
One of the key reasons we decided to utilize Cloudflare as our vendor for WAF and CDN was, that they uniquely offer to run SSH (or any TCP application, really) and HTTP(s) on the same hostname.
Here are my answers to those questions: (Note: I am a GitLab employee, so they are probably a bit biased) - What are the privacy implications of this? Theoretically, any 3rd party in line of traffic (in this case it is…
In the case of Cloudflare, there also is option C, "Keyless-SSL", where you control the key. (https://www.cloudflare.com/ssl/keyless-ssl/) But that is irrelevant in our case. We opted to use Cloudflare Spectrum to…