mirror of
https://codeberg.org/slatian/service.echoip-slatecave.git
synced 2025-03-03 20:04:19 +01:00
Add privacy recommendation for reverse proxies
This commit is contained in:
Slatian
parent
ba34caf8fc
commit
47fad2007b
@ -98,6 +98,10 @@ Most noably you can disable reverse dns lookups, hide domains with given suffixe
|
|||||||
`echoip-slatecave` only exposes an unencrypted http interface to keep the service itself simple.
|
`echoip-slatecave` only exposes an unencrypted http interface to keep the service itself simple.
|
||||||
For a public service you should use a reverse proxy like Caddy, apache2 or nginx and configure the `ip_header` option, see the echoip_config.toml file. Usually the preconfigured `RightmostXForwardedFor` is the correct one, but please doublecheck it matches your servers configuration, it should fail by simply not working, but no guarantees given.
|
For a public service you should use a reverse proxy like Caddy, apache2 or nginx and configure the `ip_header` option, see the echoip_config.toml file. Usually the preconfigured `RightmostXForwardedFor` is the correct one, but please doublecheck it matches your servers configuration, it should fail by simply not working, but no guarantees given.
|
||||||
|
|
||||||
|
Consider hiding the values of the following in your server logs for increased privacy:
|
||||||
|
* The `query` URL query paramter
|
||||||
|
* All paths subpath to `/ip/` and `/dig/`
|
||||||
|
|
||||||
### Denail of Service
|
### Denail of Service
|
||||||
|
|
||||||
`echoip-slatecave` has some simle ratelimiting built in (see the `[ratelimit]` section in the configuration file) this should help you with too frequest automated requests causung high load.
|
`echoip-slatecave` has some simle ratelimiting built in (see the `[ratelimit]` section in the configuration file) this should help you with too frequest automated requests causung high load.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user