this post was submitted on 22 Jul 2023
1980 points (98.7% liked)
Lemmy.World Announcements
29056 readers
3 users here now
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world/
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to info@lemmy.world e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email report@lemmy.world (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I assume you are rotating ip addresses after swapping to cloudflare?
CloudFlare IP ranges can be found here. The DNS entry can point to any one of those IP addresses.
I think Ryan is referring to the usual requirement that the server's IP address is changed if switching to a CDN to avoid DDoS, since otherwise the attackers can usually just bypass the CDN by sending requests to the original IP of the server.
Not an issue if you only accept request from the cloudflare IPs and reject everything else
Depends on how big the attack is I think - inbound connection handling is not free, even if you're just rejecting
I mean, on your origin you can control the firewall of your own webserver. If you only accept https from the cloudflare IPs everyone using your Url should be patched thought cloudflare without issue and the attack wouldn't be much of a problem as they would be rejected. I use this method on some of my website at work.