diff options
author | neodarz <neodarz@neodarz.net> | 2017-05-04 03:27:33 +0200 |
---|---|---|
committer | neodarz <neodarz@neodarz.net> | 2017-05-04 03:27:33 +0200 |
commit | 785bde84dd4888817bb9825ba5ab388ec2b7c4b7 (patch) | |
tree | eb572026c9c953dbd67e3acc2104db11117b4e5f /source/blog/2016-09-01-this-blog-is-now-behind-cloudflare.md | |
parent | 15c05dbb86fe3d98ec6e6ebe7743fd85b860dcc6 (diff) | |
download | my_new_personal_website-785bde84dd4888817bb9825ba5ab388ec2b7c4b7.tar.xz my_new_personal_website-785bde84dd4888817bb9825ba5ab388ec2b7c4b7.zip |
Update to date
Diffstat (limited to '')
-rw-r--r-- | source/blog/2016-09-01-this-blog-is-now-behind-cloudflare.md | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/source/blog/2016-09-01-this-blog-is-now-behind-cloudflare.md b/source/blog/2016-09-01-this-blog-is-now-behind-cloudflare.md deleted file mode 100644 index 8bfde9b3..00000000 --- a/source/blog/2016-09-01-this-blog-is-now-behind-cloudflare.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: "This blog is now behind CloudFlare" -date: 2016-09-01T20:11:00+08:00 -date_display: September 1, 2016 ---- - -Back in July I registered the domain [zhimingwang.org](http://zhimingwang.org) and pointed this GitHub Pages-powered blog at it. Since then I have lost the HTTPS badge due to GitHub Pages not supporting HTTPS on custom domains (see [isaacs/github#156](https://github.com/isaacs/github/issues/156)). - -There have been a lot of discussions on isaacs/github#156 (and stupid [+1's](/blog/2016-01-18-me-too-comments-on-github.html) too). Among the proposed solutions is putting the website behind CloudFlare. I carefully investigated [this option](https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/) and read almost all the arguments against it. I fully understand CloudFlare's SSL models (summarized in the image below), and I do realize most if not all of the limitations of CloudFlare, including CloudFlare being a huge MITM (which is inevitable for a CDN anyway), as well as most if not all of its annoyances, including CAPTCHAs which I myself would occasionally run into when I'm browsing with PIA VPN, and JavaScript-based browser checks. - -![|500| CloudFlare's SSL modes. I use the Full SSL mode so that both ends of the connection are encrypted. Again, I know CloudFlare is a big MITM and could be a high profile target. Credit: [CloudFlare](https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/).](/img/20160901-cloudflare-ssl-modes.png) - -After careful evaluation, I decided that CloudFlare's SSL model is good enough for me. After all, this is just a damn blog, with nothing sensitive. TLS is still nice because it guards against prying eyes and unethical ad-injecting ISPs or Wi-Fi hotspots, but other than that, it isn't necessary. - -End result: this blog is now behind CloudFlare. Readers should now see that green HTTPS badge again (note that I'm enforcing HTTPS — without HSTS though). As for CAPTCHAs, I have adjusted the firewall settings on CloudFlare's dashboard — "Security Level" to "Essentially Off" and "Challenge Passage" to 1 year, so hopefully it won't be too annoying.[^tor] - -[^tor]: I don't use Tor, and don't intend to raise Big Brother's suspicion by using it, so I have no idea of the actual Tor experience. - -**09/01/2016 Update.** I just realized that [CloudFlare supports whitelisting Tor traffic](https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-). Did that. |