Diffstat (limited to 'build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html')
-rw-r--r-- | build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html b/build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html new file mode 100644 index 00000000..9f87bab9 --- /dev/null +++ b/build/blog/2016-09-01-this-blog-is-now-behind-cloudflare.html 
@@ -0,0 +1,54 @@ +<!DOCTYPE html> +<html> +<head> +<meta charset="utf-8"/> +<meta content="pandoc" name="generator"/> +<meta content="Zhiming Wang" name="author"/> +<meta content="2016-09-01T20:11:00+08:00" name="date"/> +<title>This blog is now behind CloudFlare</title> +<link href="/img/apple-touch-icon-152.png" rel="apple-touch-icon-precomposed"/> +<meta content="#FFFFFF" name="msapplication-TileColor"/> +<meta content="/img/favicon-144.png" name="msapplication-TileImage"/> +<meta content="width=device-width, initial-scale=1" name="viewport"/> +<link href="/css/normalize.min.css" media="all" rel="stylesheet" type="text/css"/> +<link href="/css/theme.css" media="all" rel="stylesheet" type="text/css"/> +</head> +<body> +<div id="archival-notice">This blog has been archived.<br/>Visit my home page at <a href="https://zhimingwang.org">zhimingwang.org</a>.</div> +<nav class="nav"> +<a class="nav-icon" href="/" title="Home"><!--blog icon--></a> +<a class="nav-title" href="/"><!--blog title--></a> +<a class="nav-author" href="https://github.com/zmwangx" target="_blank"><!--blog author--></a> +</nav> +<article class="content"> +<header class="article-header"> +<h1 class="article-title">This blog is now behind CloudFlare</h1> +<div class="article-metadata"> +<time class="article-timestamp" datetime="2016-09-01T20:11:00+08:00">September 1, 2016</time> +</div> +</header> +<p>Back in July I registered the domain <a href="http://zhimingwang.org">zhimingwang.org</a> and pointed this GitHub Pages-powered blog at it. Since then I have lost the HTTPS badge due to GitHub Pages not supporting HTTPS on custom domains (see <a href="https://github.com/isaacs/github/issues/156">isaacs/github#156</a>).</p> +<p>There have been a lot of discussions on isaacs/github#156 (and stupid <a href="/blog/2016-01-18-me-too-comments-on-github.html">+1's</a> too). Among the proposed solutions is putting the website behind CloudFlare. 
I carefully investigated <a href="https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/">this option</a> and read almost all the arguments against it. I fully understand CloudFlare's SSL models (summarized in the image below), and I do realize most if not all of the limitations of CloudFlare, including CloudFlare being a huge MITM (which is inevitable for a CDN anyway), as well as most if not all of its annoyances, including CAPTCHAs which I myself would occasionally run into when I'm browsing with PIA VPN, and JavaScript-based browser checks.</p> +<div class="figure"> +<a href="/img/20160901-cloudflare-ssl-modes.png" target="_blank"><img alt="CloudFlare's SSL modes. I use the Full SSL mode so that both ends of the connection are encrypted. Again, I know CloudFlare is a big MITM and could be a high profile target. Credit: CloudFlare." src="/img/20160901-cloudflare-ssl-modes.png" width="500"/></a> +<p class="caption">CloudFlare's SSL modes. I use the Full SSL mode so that both ends of the connection are encrypted. Again, I know CloudFlare is a big MITM and could be a high profile target. Credit: <a href="https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/">CloudFlare</a>.</p> +</div> +<p>After careful evaluation, I decided that CloudFlare's SSL model is good enough for me. After all, this is just a damn blog, with nothing sensitive. TLS is still nice because it guards against prying eyes and unethical ad-injecting ISPs or Wi-Fi hotspots, but other than that, it isn't necessary.</p> +<p>End result: this blog is now behind CloudFlare. Readers should now see that green HTTPS badge again (note that I'm enforcing HTTPS â without HSTS though). 
As for CAPTCHAs, I have adjusted the firewall settings on CloudFlare's dashboard â "Security Level" to "Essentially Off" and "Challenge Passage" to 1 year, so hopefully it won't be too annoying.<a class="footnoteRef" href="#fn1" id="fnref1"><sup>1</sup></a></p> +<p><strong>09/01/2016 Update.</strong> I just realized that <a href="https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-">CloudFlare supports whitelisting Tor traffic</a>. Did that.</p> +<div class="footnotes"> +<hr/> +<ol> +<li id="fn1"><p>I don't use Tor, and don't intend to raise Big Brother's suspicion by using it, so I have no idea of the actual Tor experience.<a class="footnotes-backlink" href="#fnref1">âŠī¸</a></p></li> +</ol> +</div> +</article> +<hr class="content-separator"/> +<footer class="footer"> +<span class="rfooter"> +<a class="rss-icon" href="/rss.xml" target="_blank" title="RSS feed"><!--RSS feed icon--></a><a class="atom-icon" href="/atom.xml" target="_blank" title="Atom feed"><!--Atom feed icon--></a><a class="cc-icon" href="https://creativecommons.org/licenses/by/4.0/" target="_blank" title="Released under the Creative Commons Attribution 4.0 International license."><!--CC icon--></a> +<a href="https://github.com/zmwangx" target="_blank">Zhiming Wang</a> +</span> +</footer> +</body> +</html> |
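Review bot: the cross-origin links opened with target="_blank" (the nav-author link to github.com, and the creativecommons.org and github.com links in the footer) carry no rel attribute, so the page they open can get a window.opener reference back to this one; add rel="noopener" to each of them. Separately, the first paragraph links to http://zhimingwang.org although the same post says HTTPS is enforced without HSTS, so a reader following that link starts with a plaintext request and relies on the redirect; the archival notice at the top of the body already uses https://zhimingwang.org, and the paragraph link should match it.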