57 replies to this topic

[makarai]

Which Firewall are you using

[pir8radio]

Which Firewall are you using

 

It's always good to keep that info private.. lol    

[makarai]

Would you mind sending me a pm so I can copy your setup

[Swynol]

i have similar to pir8radio.

 

wan - cloudflare - IPS - Firewall - nginx - servers

[bfir3]

This is awesome information. I just tested my server and I got an F, lol. Looks like I will be digging into this tonight.

[makarai]

WAN--Cloudflare------Firewall--nginx--emby        The firewall defaults to block all except TCP 80 & 443  

 

Hey, may i ask what cloudflare settings you use, i.e. flexible full or full strict, or do you just use it as a dns ?

[pir8radio]

Hey, may i ask what cloudflare settings you use, i.e. flexible full or full strict, or do you just use it as a dns ?

 

you mean under crypto?  Full.  Had to go with full because of how I hide my origin server..  

[makarai]

you mean under crypto? Full. Had to go with full because of how I hide my origin server..

OK, thanks.

[RobWayBro]

Made it to an A+ also, without loss of connectivity..

.

[jachin99]

Are you all making changes directly to the web app, or are you all using proxies?

[mastrmind11]

Are you all making changes directly to the web app, or are you all using proxies?

proxy

[Shidapu]

Im also a Nginx user, and i have a B+ score, but CSP has been a nightmare..

 

wan - cloudflare - VPN - Firewall - nginx - servers

Edited by Shidapu, 30 March 2020 - 12:55 PM.

[jachin99]

I have actually done this for an IIS site but never anything else.  What advantages to you get with cloudfare when your using a proxy anyway?  Why nginx over others?

[Spaceboy]

I have actually done this for an IIS site but never anything else. What advantages to you get with cloudfare when your using a proxy anyway? Why nginx over others?

cloudflare obscures your IP address

[pir8radio]

Im also a Nginx user, and i have a B+ score, but CSP has been a nightmare..

 

wan - cloudflare - VPN - Firewall - nginx - servers

 

check out my CSP info page:  https://emby.media/c...pment/?p=614155

[Shidapu]

check out my CSP info page:  https://emby.media/c...pment/?p=614155

Sweet thanks for the link! A+. And working great so far.

I also added a report-to line in that code, but not sure if its working, but the URI analyzer says its ok, though haven't gotten any reports yet.

I posted in your thread, could you check if my CSP is ok?

Edited by Shidapu, 31 March 2020 - 02:33 PM.

[pir8radio]

Sweet thanks for the link! A+. And working great so far.

I also added a report-to line in that code, but not sure if its working, but the URI analyzer says its ok, though haven't gotten any reports yet.

I posted in your thread, could you check if my CSP is ok?

 

yes, the "report uri" address sends fails...   so if your CSP blocked something the client end would report what was blocked to that url.    so if i went to your server and your CSP blocked something on my browser, my browser would know to "report" that block to that url so you could see it in a report. 

Edited by pir8radio, 31 March 2020 - 02:42 PM.

[Shidapu]

yes, the "report uri" address sends fails...   so if your CSP blocked something the client end would report what was blocked to that url.    so if i went to your server and your CSP blocked something on my browser, my browser would know to "report" that block to that url so you could see it in a report. 

Yeah thats what i want it to do! A good thing to make some ease of mind for me when playing with CSP in the future. Thanks alot for the good info!