by bamfly 1072 days ago
You default-deny all source IPs, then allowlist your CDN's IPs on your "origin server" or its network's firewall box (if you have such a thing). That's the usual way to solve this problem, anyway; IDK if that's what they're doing.

Then it doesn't matter if someone finds the IP of the actual server. Worst they can do is flood you with instantly-dropped connection attempts, but not probe services or run up your server hosting bill with large data transfers or anything like that. Scans won't find listening ports.


You can also set up TLS client authentication as a more complicated but a bit more assured method of refusing connections from anyone other than Cloudflare.
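As an added example (not code from either commenter or from Cloudflare), the two layers described above: an nftables ruleset that default-denies inbound traffic and only allowlists the CDN's ranges on 443, and an nginx server block that additionally requires a client certificate issued by the CDN's origin-pull CA. The CDN ranges, management host and file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate a default-deny nftables ruleset that allowlists CDN
# ranges on 443, plus an nginx snippet enforcing TLS client authentication.
# The ranges below are constructed TEST-NET blocks, standing in for the list
# your CDN publishes; replace them before use.
CDN_RANGES="203.0.113.0/24 198.51.100.0/24"
# Assumption: management SSH comes from this single constructed VPN address.
MGMT_HOST="192.0.2.10"

gen_nft_ruleset() {
  cat <<EOF
table inet origin_fw {
  set cdn_v4 {
    type ipv4_addr
    flags interval
    elements = { $(echo "$1" | tr ' ' ',') }
  }
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    ip saddr $2 tcp dport 22 accept
    ip saddr @cdn_v4 tcp dport 443 accept
    # Everything else, including scans and direct hits on the origin IP,
    # is dropped here; no listening service ever sees the connection.
  }
}
EOF
}

# nginx: require a client certificate chaining to the CDN's origin-pull CA,
# so a connection that does reach nginx is still refused unless the CDN made it.
# Assumption: the CA bundle is installed at /etc/nginx/cdn-origin-pull-ca.pem.
gen_nginx_snippet() {
  cat <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate        /etc/nginx/origin.crt;
    ssl_certificate_key    /etc/nginx/origin.key;
    ssl_client_certificate /etc/nginx/cdn-origin-pull-ca.pem;
    ssl_verify_client on;
    location / { proxy_pass http://127.0.0.1:8080; }
}
EOF
}

gen_nft_ruleset "$CDN_RANGES" "$MGMT_HOST"
gen_nginx_snippet
```

Load the first output with `nft -f` and drop the second into a site file; the firewall stops probes before any service answers, and the client-certificate check covers a misconfigured or bypassed firewall.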