Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
如果WAF部署在Cloudflare等CDN产品之后,并希望隐藏自己的IP以此防止针对性的DDOS攻击,那么现在雷池443端口的SSL证书可能会泄露WAF所在服务器的IP。例如被censys扫描到证书。
在443端口默认使用自签名SSL证书,防止IP泄露
The text was updated successfully, but these errors were encountered:
可以先手动加一个 域名为 * 、端口为 443/ssl、证书为自签证书 的站点解决。
背景与遇到的问题
如果WAF部署在Cloudflare等CDN产品之后,并希望隐藏自己的IP以此防止针对性的DDOS攻击,那么现在雷池443端口的SSL证书可能会泄露WAF所在服务器的IP。例如被censys扫描到证书。
建议的解决方案
在443端口默认使用自签名SSL证书,防止IP泄露
The text was updated successfully, but these errors were encountered: