This is the most ridiculous thing I read in the last year…no wait…….. yes it is…
All I can say is, wut?
Even if you can get the appZTNA stuff to work (which I doubt), how is your infra going to absorb multi Tbit traffic without customer impact?
Perhaps I didn't express my thoughts clearly, and for that, I apologize.
In the past, we typically approached the challenge of mitigating DDoS attacks by countering and combating resources at the L3-L7 level. I do not deny that this is a correct and effective solution, and I am familiar with how it works. However, in my previous work, our mobile app often fell victim to DDoS attacks, and I found that there could be an alternative approach to addressing the issue. Why must we tackle DDoS with a firewall mindset? Is it possible to make DDoS disappear more proactively? We analyzed DDoS from the ATT&CK perspective of the attacker, focusing on the typical steps of attacking a mobile app:
1. Downloading the app from the App Store.
2. Analyzing the app through packet capture or debugging tools to identify the attack target: Domain or IP address.
3. Using DDoS tools to initiate an attack on the target using a botnet.
Typically, we address DDoS at the third step when the attack has already occurred, and we are left seeking additional layers of protection. Our approach is in the second stage. When I have a certain number of edge IPs to distribute user or device connections and manage global traffic based on user or device context, this method is highly effective. The only drawback is that this method is only effective for native mobile or client applications. However, the benefits it brings include making the application actively immune to DDoS rather than passively defending against it and effectively identifying attackers.
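A sketch of the per-device edge-IP distribution described in the comment above, added here as an example and not part of the original comment or any product's code. It assumes a keyed hash picks each device's edge IPs; `assign_edges`, `suspects`, `still_reachable`, the IP pool and the key are all hypothetical names and constructed values.

```python
import hashlib
import hmac

# Constructed sample data: documentation-range edge IPs and a demo key.
EDGE_IPS = [f"198.51.100.{i}" for i in range(1, 17)]
SECRET = b"constructed-demo-key"


def assign_edges(device_id: str, k: int = 2) -> list[str]:
    """Pick k distinct edge IPs for a device, keyed so the mapping is
    stable per device but not predictable without SECRET."""
    def score(ip: str) -> bytes:
        msg = f"{device_id}|{ip}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).digest()
    return sorted(EDGE_IPS, key=score)[:k]


def suspects(assignments: dict[str, list[str]], attacked: set[str]) -> list[str]:
    """Devices whose entire handed-out set is under attack: the candidate
    sources of the addresses the attacker learned."""
    return sorted(d for d, ips in assignments.items() if set(ips) <= attacked)


def still_reachable(assignments: dict[str, list[str]], attacked: set[str]) -> list[str]:
    """Devices that keep at least one edge IP outside the attacked set."""
    return sorted(d for d, ips in assignments.items() if not set(ips) <= attacked)


if __name__ == "__main__":
    # Constructed scenario: the addresses given to device-42 get flooded.
    fleet = {f"device-{n}": assign_edges(f"device-{n}") for n in range(200)}
    attacked = set(fleet["device-42"])
    print("attacked edge IPs:", sorted(attacked))
    print("suspect devices:  ", suspects(fleet, attacked))
    print("still reachable:  ", len(still_reachable(fleet, attacked)), "of", len(fleet))
```

The sketch only models which devices share the flooded addresses; whether those addresses have the capacity to absorb the flood is outside what it shows.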
You expressed yourself just fine and my question is still valid. Do you have the capacity to handle multi Tbit traffic on the edge ips that you use to hide the backend ips? Because if all of those are flooded, not only will the backend app be unreachable, but all your customers will be unreachable as well.
A mini self-hosted cloudflare.... you mean, like building a reverse proxy? If so... we already have Traefik, nginx, haproxy, etc....
Self-hosted, ruins the reason I use cloudflare, completely.
I use cloudflare, because...
- DDOS / Attack protection. The bandwidth hits their servers, and not mine. You CANNOT SELF HOST ddos protection, unless you have a MASSIVE amount of bandwidth. Otherwise, it just overwhelms your internet connection. It doesn't matter if the traffic is blocked. It still fills your pipe.
- Hiding my private IP / handling my dynamic IP.
- Processing my domain's SMTP. You don't want to handle email at your home IP.... it's likely blacklisted from major providers.