Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SUGGESTION] Use a self-signed SSL certificate on port 443 by default to prevent IP leakage. #978

Open
hayasugihayato opened this issue Jul 8, 2024 · 1 comment
Open

[SUGGESTION] Use a self-signed SSL certificate on port 443 by default to prevent IP leakage. #978

hayasugihayato opened this issue Jul 8, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@hayasugihayato
Copy link

背景与遇到的问题

如果WAF部署在Cloudflare等CDN产品之后,并希望隐藏自己的IP以此防止针对性的DDOS攻击,那么现在雷池443端口的SSL证书可能会泄露WAF所在服务器的IP。例如被censys扫描到证书。

建议的解决方案

在443端口默认使用自签名SSL证书,防止IP泄露
@Lorna0
Copy link
Collaborator

Lorna0 commented Jul 9, 2024

可以先手动加一个 域名为 * 、端口为 443/ssl、证书为自签证书 的站点解决。

@Lorna0 Lorna0 added the enhancement New feature or request label Jul 9, 2024
@safe1ine safe1ine changed the title [建议] 在443端口默认使用自签名SSL证书,防止IP泄露 [SUGGESTION] Use a self-signed SSL certificate on port 443 by default to prevent IP leakage. Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Lorna0 @hayasugihayato