Cloudflare operates as a reverse proxy in front of your service(s);
clients of your services access them through an endpoint that
Cloudflare stands up. DNS records point to Cloudflare, and TLS
certificates must be provisioned in Cloudflare to match. For all
intents and purposes, you would be
>
>
> a) your reverse proxy must be colocated with the service it fronts on the
> same machine;
> b) your network infrastructure transparently encrypts traffic between your
> proxy and the service; or
> c) your proxy must negotiate its own TLS connection(s) with the service.
>
Paul
Thanks. I'm
On 4/10/21 8:52 AM, cseb...@gmail.com wrote:
>
>> Is it even possible to be secure in that way? This is, by definition,
>> a MITM, and in order to be useful, it *will* have to decrypt
>> everything. So if someone compromises the monitor, they get
>> everything.
>
> Chris
>
> I hear all your
There is absolutely nothing wrong with building your own reverse proxy
in front of your own service, as long as you control both. This
constitutes a tiered network/application architecture, and it's a
common practice. There's no man in the middle; there's no imposter; its
all "you".
If your
> Is it even possible to be secure in that way? This is, by definition,
> a MITM, and in order to be useful, it *will* have to decrypt
> everything. So if someone compromises the monitor, they get
> everything.
Chris
I hear all your security concerns and I'm aware of them. I *really*
On Fri, Apr 9, 2021 at 12:42 AM <2qdxy4rzwzuui...@potatochowder.com> wrote:
>
> On 2021-04-09 at 00:17:59 +1000,
> Chris Angelico wrote:
>
> > Also, you'd better be really REALLY sure that your monitoring is
> > legal, ethical, and not deceptive.
>
> Not to mention *secure*. Your monitor
On 2021-04-09 at 00:17:59 +1000,
Chris Angelico wrote:
> Also, you'd better be really REALLY sure that your monitoring is
> legal, ethical, and not deceptive.
Not to mention *secure*. Your monitor increases the attack surface of
the system as a whole. If I break into your monitor, can I
On Fri, Apr 9, 2021 at 12:11 AM cseb...@gmail.com wrote:
>
> I'm trying to create an application that stands in between all
> connections to a remote server to monitor behavior for
> security and compliance reasons.
>
> I'm guessing I'll have all users log into this middle man proxy
> application
I'm trying to create an application that stands in between all
connections to a remote server to monitor behavior for
security and compliance reasons.
I'm guessing I'll have all users log into this middle man proxy
application instead of logging into the original website?
Are there any