Whenever you see someone recommend Cloudflare or something else that decrypts and re-encrypts TLS for something, esp. for something related to open social media or media storage etc., reply with this picture from the Snowden leaks
@pojntfx I mean, I get what you mean. But there isn’t really another way for anything that gets lots of traffic, or that’s a target for political reasons. CDNs need to decrypt for caching and DDoS protection.
@sigmasternchen Yeah, for protecting against something DDoS-related I'd probably use Anubis given that the no. 1 offenders seem to be scrapers ... but that is ofc only one tool in the box.
@pojntfx Does that help though? I mean, it helps against scrapers that strictly follow links. But it doesn’t help against any sort of real attack. The past has shown that you don’t need that much regular traffic to be a target for actual (non-accidental) DDoS attacks. I’m thinking of stuff like the AllThingsLinux incident where someone DDoSed them for days to "make them aware of a security issue". A single-user fedi instance might be fine. But something the size of mastodon.social for example definitely needs to protect against that. And they do. They use Fastly as a CDN.