Anubis.
lock.cmpxchg8b.com

Some thoughts on how useful Anubis really is. Combined with comments I read elsewhere about scrapers starting to solve the challenges, I’m afraid Anubis will be outdated soon and we need something else.

  • Björn Tantau@swg-empire.deEnglish
    41·
    3 hours ago

    Cloudflare would need https keys so they could read all the content you worked so hard to encrypt. If I wanted to do bad shit I would apply at Cloudflare.

    • mobotsar@sh.itjust.worksEnglish
      2·
      2 hours ago

      Maybe I’m misunderstanding what “behind cloudflare” means in this context, but I have a couple of my sites proxied through cloudflare, and they definitely don’t have my keys.

      I wouldn’t think using a cloudflare captcha would require such a thing either.

      • StarkZarn@infosec.pubEnglish
        1·
        30 minutes ago

        That’s because they just terminate TLS at their end. Your DNS record is “poisoned” by the orange cloud and their infrastructure answers for you. They happen to have a trusted root CA so they just present one of their own certificates with a SAN that matches your domain and your browser trusts it. Bingo, TLS termination at CF servers. They have it in cleartext then and just re-encrypt it with your origin server if you enforce TLS, but at that point it’s meaningless.