Ruaphoc
- 8 Followers
- 2 Following
- 3 Posts
Cyberpunk 2077, Cities Skylines, Kerbal Space Program, Gadgets, Tech Repairs, 3D Printing, Linux OS, Cybersecurity.
While you are securing your domain, 3 more good ideas:
1. Enable DNSSEC. This will sign the dns query responses to help ensure your DKIM and TLSA can be trusted.
2. Configure CAA records with only your TLS certificate issuer so any other certificates are not trusted.
3. Configure DANE TLSA records with a hash of the public keys for your email server and websites. Also be sure to configure the “mta-sts.@“ subdomain to serve the correct text file. This will provide an additional chain of trust for your email server (and websites server).
@patricksamphire I’m using Cloudflare with “bot fight mode” to block most of the ones that ignore the robots.txt. What you might try is the reverse, add the bots you want to index your site with the “Allow” directive, then at the bottom set a wildcard disallow.
I also have my sites geo locked to only the US and Canada as that is where my target audience is located, but Cloudflare will allow you to allow or block any country.
I also have my sites geo locked to only the US and Canada as that is where my target audience is located, but Cloudflare will allow you to allow or block any country.