crusher11 1127 Posted 3 hours ago Posted 3 hours ago 3 hours ago, Q-Droid said: Enable SNI (many do by default) so that IP based requests are rejected. What's SNI?
sh0rty 726 Posted 3 hours ago Posted 3 hours ago (edited) 38 minutes ago, crusher11 said: What's SNI? Server name indication. Simple: The reverse proxy just reacts when the specified hostname, e.g. emby.yourdomain.com is called by the client. Many simple bots, vulnerability scanners and automated scripts try to connect directly to your public IP address. Edited 3 hours ago by sh0rty 2
Q-Droid 1000 Posted 2 hours ago Posted 2 hours ago 10 minutes ago, sh0rty said: Server name indication. Simple: The reverse proxy just reacts when the specified hostname, e.g. emby.yourdomain.com is called by the client. Many simple bots, vulnerability scanners and automated scripts try to connect directly to your public IP address. This. And if your domain doesn't have a PTR record for reverse lookups then your IP is all they know and can't complete the TLS handshake to get any more info. Just don't run non-TLS services on the same IP. Most domains wouldn't need a PTR unless running an email server and if someone is then they should know enough to protect their services.
woofstream 4 Posted 47 minutes ago Posted 47 minutes ago I'd really love to enable SNI, how should I get started?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now