Jump to content


Photo

Yet another server test to defeat.... :-)


  • Please log in to reply
57 replies to this topic

#41 makarai OFFLINE  

makarai

    Advanced Member

  • Members
  • 549 posts
  • Local time: 02:44 PM

Posted 20 September 2018 - 01:14 AM

Which Firewall are you using

#42 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3522 posts
  • Local time: 07:44 AM
  • LocationChicago

Posted 20 September 2018 - 09:06 AM

Which Firewall are you using

 

It's always good to keep that info private.. lol     :ph34r:


  • cayars likes this

#43 makarai OFFLINE  

makarai

    Advanced Member

  • Members
  • 549 posts
  • Local time: 02:44 PM

Posted 20 September 2018 - 10:27 AM

Would you mind sending me a pm so I can copy your setup :D

#44 Swynol OFFLINE  

Swynol

    Advanced Member

  • Members
  • 1077 posts
  • Local time: 01:44 PM
  • LocationWales, UK

Posted 20 September 2018 - 04:37 PM

i have similar to pir8radio.

 

wan - cloudflare - IPS - Firewall - nginx - servers



#45 bfir3 OFFLINE  

bfir3

    Advanced Member

  • Members
  • 412 posts
  • Local time: 12:44 PM

Posted 26 September 2018 - 12:57 PM

This is awesome information. I just tested my server and I got an F, lol. Looks like I will be digging into this tonight.



#46 makarai OFFLINE  

makarai

    Advanced Member

  • Members
  • 549 posts
  • Local time: 02:44 PM

Posted 22 October 2018 - 09:33 AM

WAN--Cloudflare------Firewall--nginx--emby        The firewall defaults to block all except TCP 80 & 443  

 

Hey, may i ask what cloudflare settings you use, i.e. flexible full or full strict, or do you just use it as a dns ?



#47 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3522 posts
  • Local time: 07:44 AM
  • LocationChicago

Posted 22 October 2018 - 05:28 PM

Hey, may i ask what cloudflare settings you use, i.e. flexible full or full strict, or do you just use it as a dns ?

 

you mean under crypto?  Full.  Had to go with full because of how I hide my origin server..   :)



#48 makarai OFFLINE  

makarai

    Advanced Member

  • Members
  • 549 posts
  • Local time: 02:44 PM

Posted 23 October 2018 - 01:10 AM

you mean under crypto? Full. Had to go with full because of how I hide my origin server.. :)


OK, thanks.

#49 RobWayBro OFFLINE  

RobWayBro

    Advanced Member

  • Members
  • 133 posts
  • Local time: 08:44 AM
  • LocationCentral Indiana

Posted 23 October 2018 - 11:02 AM

Made it to an A+ also, without loss of connectivity..

.5bcf37e0a9128_aplusbfhmedia.png


  • pir8radio likes this

#50 jachin99 OFFLINE  

jachin99

    Advanced Member

  • Members
  • 815 posts
  • Local time: 08:44 AM

Posted 28 March 2020 - 11:59 AM

Are you all making changes directly to the web app, or are you all using proxies?



#51 mastrmind11 OFFLINE  

mastrmind11

    Advanced Member

  • Members
  • 3140 posts
  • Local time: 08:44 AM
  • LocationLong Island, NY

Posted 29 March 2020 - 08:39 AM

Are you all making changes directly to the web app, or are you all using proxies?

proxy



#52 Shidapu OFFLINE  

Shidapu

    Advanced Member

  • Members
  • 92 posts
  • Local time: 02:44 PM

Posted 30 March 2020 - 12:53 PM

Im also a Nginx user, and i have a B+ score, but CSP has been a nightmare..

 

wan - cloudflare - VPN - Firewall - nginx - servers


Edited by Shidapu, 30 March 2020 - 12:55 PM.


#53 jachin99 OFFLINE  

jachin99

    Advanced Member

  • Members
  • 815 posts
  • Local time: 08:44 AM

Posted 30 March 2020 - 03:50 PM

I have actually done this for an IIS site but never anything else.  What advantages to you get with cloudfare when your using a proxy anyway?  Why nginx over others?



#54 Spaceboy OFFLINE  

Spaceboy

    Advanced Member

  • Members
  • 4774 posts
  • Local time: 01:44 PM

Posted 30 March 2020 - 06:25 PM

I have actually done this for an IIS site but never anything else. What advantages to you get with cloudfare when your using a proxy anyway? Why nginx over others?

cloudflare obscures your IP address

#55 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3522 posts
  • Local time: 07:44 AM
  • LocationChicago

Posted 30 March 2020 - 06:32 PM

Im also a Nginx user, and i have a B+ score, but CSP has been a nightmare..

 

wan - cloudflare - VPN - Firewall - nginx - servers

 

check out my CSP info page:  https://emby.media/c...pment/?p=614155

;)


  • Shidapu likes this

#56 Shidapu OFFLINE  

Shidapu

    Advanced Member

  • Members
  • 92 posts
  • Local time: 02:44 PM

Posted 31 March 2020 - 02:32 PM

check out my CSP info page:  https://emby.media/c...pment/?p=614155

;)

Sweet thanks for the link! A+. :D And working great so far.

I also added a report-to line in that code, but not sure if its working, but the URI analyzer says its ok, though haven't gotten any reports yet.

I posted in your thread, could you check if my CSP is ok?


Edited by Shidapu, 31 March 2020 - 02:33 PM.


#57 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 3522 posts
  • Local time: 07:44 AM
  • LocationChicago

Posted 31 March 2020 - 02:36 PM

Sweet thanks for the link! A+. :D And working great so far.

I also added a report-to line in that code, but not sure if its working, but the URI analyzer says its ok, though haven't gotten any reports yet.

I posted in your thread, could you check if my CSP is ok?

 

yes, the "report uri" address sends fails...   so if your CSP blocked something the client end would report what was blocked to that url.    so if i went to your server and your CSP blocked something on my browser, my browser would know to "report" that block to that url so you could see it in a report. 


Edited by pir8radio, 31 March 2020 - 02:42 PM.

  • Shidapu likes this

#58 Shidapu OFFLINE  

Shidapu

    Advanced Member

  • Members
  • 92 posts
  • Local time: 02:44 PM

Posted 31 March 2020 - 02:56 PM

yes, the "report uri" address sends fails...   so if your CSP blocked something the client end would report what was blocked to that url.    so if i went to your server and your CSP blocked something on my browser, my browser would know to "report" that block to that url so you could see it in a report. 

Yeah thats what i want it to do! :D A good thing to make some ease of mind for me when playing with CSP in the future. Thanks alot for the good info!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users