1
24.1 Production Series / Re: Inbound Wildcard DNS block
« on: April 23, 2024, 07:54:15 am »
If you distrust an inbound connection enough to block it, then why trust it not to spoof its name and/or IP address?
Content distribution networks, cloud services, CGNAT, proxies and what have you will obscure the source of external traffic and are out of your control.
If you want to increase the security, use a login to your service. If your logins are getting swamped from a certain corner of the internet, add a second factor (e.g. client cert for a web server).
Bart...
Content distribution networks, cloud services, CGNAT, proxies and what have you will obscure the source of external traffic and are out of your control.
If you want to increase the security, use a login to your service. If your logins are getting swamped from a certain corner of the internet, add a second factor (e.g. client cert for a web server).
Bart...