Categories
Networking

Blocking active GFW probes

Based on the information from this blog post, a list of IPv4 blocks has been identified as potential sources of GFW active probes. If these are allowed to scan your server for known services, the GFW may block access to your IP. If that happens, your IP will not be able to access anything behind the GFW, which can be a bummer.

Allow only Cloudflare CDN servers to your web servers

We love to use Cloudflare CDN because it improves latency and uptime, and the price is just right (free) for the starter pack.

Normally, a web server's ports 80 and 443 are open to the public internet, with access restricted to selected IP ranges by either ASN or country, depending on what the administrator has configured. But if you are using Cloudflare's CDN service, you can permit TCP 80/443 access only to their servers and block all other incoming requests. You can then fine-tune access control using Cloudflare's web application firewall. This greatly reduces your web server's attack surface.
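One way to build such an allowlist, as an added example that is not from the original post: the script turns a list of CDN ranges into iptables commands for ports 80/443 and refuses to emit anything if no valid range was loaded. The chain name `CDN_WEB` and the sample CIDRs are assumptions (documentation ranges, not Cloudflare's real ones); feed it the provider's currently published list.

```shell
#!/bin/sh
# Added example: emit iptables commands admitting TCP 80/443 only from CDN ranges.
# CIDRs below are constructed placeholders (RFC 5737 documentation ranges), not
# Cloudflare's real ranges. iptables covers IPv4 only; IPv6 needs ip6tables rules.
SAMPLE_RANGES='# constructed sample list
192.0.2.0/24
198.51.100.0/24   # trailing comment
not-a-cidr
203.0.113.0/24'

# is_cidr4: succeed only for a.b.c.d/n with octets 0-255 and prefix 0-32.
is_cidr4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# gen_rules: read CIDRs on stdin, print the iptables commands on stdout.
gen_rules() {
    chain=CDN_WEB   # hypothetical chain name
    allow=''
    while IFS= read -r line; do
        # Strip comments and whitespace, skip blank lines.
        line=$(printf '%s' "$line" | sed 's/#.*//; s/[[:space:]]//g')
        [ -z "$line" ] && continue
        if is_cidr4 "$line"; then
            allow="$allow$line
"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done
    # An empty allowlist (e.g. a failed download) would drop all web traffic.
    [ -n "$allow" ] || { echo "no valid ranges; refusing to emit rules" >&2; return 1; }
    echo "iptables -N $chain"
    printf '%s' "$allow" | while IFS= read -r net; do
        echo "iptables -A $chain -s $net -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"
    # Hook the chain into INPUT last, once it is fully populated.
    echo "iptables -I INPUT -p tcp -m multiport --dports 80,443 -j $chain"
}

# Demo on the constructed list: prints the commands, does not run them.
printf '%s\n' "$SAMPLE_RANGES" | gen_rules
```

Review the printed commands before applying them as root, and regenerate them whenever the provider updates its range list.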