chaitin / SafeLine

serve as a reverse proxy to protect your web services from attacks and exploits.
https://waf.chaitin.com
GNU General Public License v3.0
12.7k stars 790 forks

[SUGGESTION] Use a self-signed SSL certificate on port 443 by default to prevent IP leakage. #978

Closed hayasugihayato closed 1 month ago

hayasugihayato commented 4 months ago

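Background and the problem encountered

If the WAF is deployed behind a CDN product such as Cloudflare and you want to hide your IP to prevent targeted DDoS attacks, the SSL certificate on SafeLine's port 443 may currently leak the IP of the server the WAF runs on, for example when the certificate is picked up by a Censys scan.

Suggested solution

Use a self-signed SSL certificate on port 443 by default to prevent IP leakage.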

Lorna0 commented 4 months ago

For now you can work around this by manually adding a site with domain *, port 443/ssl, and a self-signed certificate.

xbingW commented 1 month ago

Supported in 6.10.2.
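
A self-check for the leak discussed in this thread, added here as an example and not part of the original issue or SafeLine's own code: it handshakes with your own origin by bare IP, without SNI, and reports which hostnames you want hidden appear in the default certificate. The function names and the sample certificate are constructed for illustration; a certificate that fails verification (such as a self-signed default) comes back as None, so its names are not inspected.

```python
import socket
import ssl


def cert_dns_names(cert):
    """DNS names from a dict in the shape ssl.SSLSocket.getpeercert() returns."""
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    # Older certificates carry the hostname only in the subject commonName.
    for rdn in cert.get("subject", ()):
        names.update(v.lower() for k, v in rdn if k == "commonName")
    return names


def leaked_hostnames(cert, protected):
    """Protected hostnames the certificate names, directly or via a wildcard."""
    names = cert_dns_names(cert)
    leaked = set()
    for host in (h.lower() for h in protected):
        parent = host.partition(".")[2]
        if host in names or (parent and "*." + parent in names):
            leaked.add(host)
    return sorted(leaked)


def default_cert(ip, port=443, timeout=5.0):
    """Handshake with no SNI, the way an internet-wide scan reaches a bare IP.

    Returns the parsed certificate when it chains to a trusted CA, or None
    when verification fails (for example a self-signed default certificate).
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # connecting by IP, so there is no name to match
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:  # no server_hostname, so no SNI
                return tls.getpeercert()
    except ssl.SSLCertVerificationError:
        return None


if __name__ == "__main__":
    # Constructed sample in getpeercert() format; against a real origin use
    # cert = default_cert("<your origin IP>") and skip the check if it is None.
    sample = {"subject": ((("commonName", "example.com"),),),
              "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}
    print(leaked_hostnames(sample, ["www.example.com", "shop.example.org"]))
```

A None result only means the default certificate is not publicly trusted; a self-signed certificate generated with the real hostname in it would still reveal that name to a scanner.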