crusher11 1127 Posted 1 hour ago Posted 1 hour ago 3 hours ago, Q-Droid said: Enable SNI (many do by default) so that IP based requests are rejected. What's SNI?
sh0rty 724 Posted 1 hour ago Posted 1 hour ago (edited) 38 minutes ago, crusher11 said: What's SNI? Server name indication. Simple: The reverse proxy just reacts when the specified hostname, e.g. emby.yourdomain.com is called by the client. Many simple bots, vulnerability scanners and automated scripts try to connect directly to your public IP address. Edited 1 hour ago by sh0rty 1
Q-Droid 999 Posted 1 hour ago Posted 1 hour ago 10 minutes ago, sh0rty said: Server name indication. Simple: The reverse proxy just reacts when the specified hostname, e.g. emby.yourdomain.com is called by the client. Many simple bots, vulnerability scanners and automated scripts try to connect directly to your public IP address. This. And if your domain doesn't have a PTR record for reverse lookups then your IP is all they know and can't complete the TLS handshake to get any more info. Just don't run non-TLS services on the same IP. Most domains wouldn't need a PTR unless running an email server and if someone is then they should know enough to protect their services.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now