With Cloudflare's tunnels, there's no longer even a need to allow direct connections from the outside world.
In my own testing it wasn't too terrible to set up firewall rules and mutual TLS-based authentication of origin pulls, but it is certainly something where you have to do everything right to be as secure as you think you are, versus just closing off inbound connections entirely and running cloudflared.