muzicman0 59 Posted March 18 Share Posted March 18 I used to use Caddy for my reverse proxy, but ended up behind a CGNAT, so currently I am using a different solution. I am no longer behind CGNAT, so thinking of going back to Caddy. My question is do any of you use any type of Geo Location filtering? I tried setting up Caddy as a test to only allow connections from the US, but was unable to get it to work correctly. Link to comment Share on other sites More sharing options...
darkassassin07 434 Posted March 18 Share Posted March 18 (edited) I used to use cloudflares geo fencing options when I used their WAF (proxy) services for Emby, but it caught such a tiny amount of traffic that I never bothered to set it up directly in nginx when I stopped using cloudflares WAF. It was only something like 2 connections/month. Instead I have nginx setup to only respond to exact subdomain matches. Any request that doesn't exactly match a known FQDN just receives a '444' (nginx's 'drop connection with no response' code). This includes connections just using my ip, or my base domain. Been meaning to setup fail2ban to block anyone that gets 444'd as well as failed auth attempts, but I've been lazy... Edited March 18 by darkassassin07 Link to comment Share on other sites More sharing options...
TMCsw 123 Posted March 19 Share Posted March 19 I actual do use Geo Location on my nginx reverse proxy but this really only gives any real help/security if you are using common ports (like 80/443/8096/8920) I use a 5 digit port for emby and and it's almost [maybe]never scanned... Link to comment Share on other sites More sharing options...
muzicman0 59 Posted March 19 Author Share Posted March 19 I'm using a Cloudflare Tunnel right now, and it works OK. I may make all my users use Tailscale. That would be decent security, but I think I have one user who uses a LG TV, so I doubt he could use it. Link to comment Share on other sites More sharing options...
crusher11 863 Posted March 19 Share Posted March 19 10 hours ago, darkassassin07 said: I used to use cloudflares geo fencing options when I used their WAF (proxy) services for Emby, but it caught such a tiny amount of traffic that I never bothered to set it up directly in nginx when I stopped using cloudflares WAF. It was only something like 2 connections/month. Mine is batting back several a day. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now