
lock-the-spock | 2 years ago

You would not filter based on the delivery man but based on the sender. If you know someone sends bombs or drugs in the mail but you cannot stop them initiating parcels, you would find ways to stop the parcels halfway. Physical mail is scanned in the real world, and customs stop stuff from entering the country - so the analogy is already reality!

In theory this would also work for IPs if not for the IP laundering OOP criticised.

Cloudflare chooses to hide thousands of IPs on a single IP - this is a technical choice, not a system necessity. There are of course many reasons for those and many of them legitimate, but it doesn't mean this is the right approach (and with IPv6 certainly other options are possible...)

JackSlateur | 2 years ago

> Cloudflare chooses to hide thousands of IPs on a single IP - this is a technical choice, not a system necessity.

Well, if you want "CDN", then you must break the TCP connection. That is, you must have one TCP connection from client to CDN, and then one from CDN to the backend.

Unless you are against CDNs (they do serve a real-world purpose, tho), then it is a system necessity;
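
The two-connection design described in the comment above, shown at the socket level as an added example that is not part of the thread or any participant's code: a constructed loopback "edge" terminates the client's TCP connection and opens a second one to a constructed "origin". All names are hypothetical, and on loopback the endpoints differ only by port.

```python
import socket
import threading

def serve_once(listener, handler):
    """Accept a single connection on `listener` and pass it to `handler`."""
    def run():
        conn, peer = listener.accept()
        with conn:
            handler(conn, peer)
    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return thread

def demo():
    """Run client -> edge -> origin on loopback; return what each side saw."""
    seen = {}
    origin = socket.create_server(("127.0.0.1", 0))  # constructed "backend"
    edge = socket.create_server(("127.0.0.1", 0))    # constructed "CDN" node
    seen["origin_addr"] = origin.getsockname()
    seen["edge_addr"] = edge.getsockname()

    def origin_handler(conn, peer):
        seen["origin_peer"] = peer  # the only sender address the origin has
        seen["origin_got"] = conn.recv(1024)
        conn.sendall(b"hello from origin")

    def edge_handler(conn, peer):
        seen["edge_peer"] = peer  # the edge is the only hop that sees the client
        request = conn.recv(1024)  # connection 1 ends here
        # Connection 2: a new socket with its own source address and port.
        with socket.create_connection(seen["origin_addr"], timeout=5) as up:
            seen["edge_upstream_local"] = up.getsockname()
            up.sendall(request)
            conn.sendall(up.recv(1024))

    threads = [serve_once(origin, origin_handler), serve_once(edge, edge_handler)]
    with socket.create_connection(seen["edge_addr"], timeout=5) as client:
        seen["client_local"] = client.getsockname()
        seen["client_peer"] = client.getpeername()  # the edge, never the origin
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        seen["client_got"] = client.recv(1024)
    for thread in threads:
        thread.join(5)
    origin.close()
    edge.close()
    return seen

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value}")
```

Any address-based filter at either end of this chain can only match on the edge's sockets: `client_peer` is the edge's listening address and `origin_peer` is the edge's outbound socket.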