top | item 39919803

(no title)

Guzba | 1 year ago

B2 can be great but it is missing a lot of features when compared to other object stores so it isn't a good solution for every scenario.

As an example I investigated, to put a custom domain in front of a B2 bucket they suggest using Cloudflare and CNAME-ing a bucket subdomain (eg f000.backblazeb2.com) https://www.backblaze.com/docs/cloud-storage-deliver-public-...

Well if f000.backblazeb2.com is used for any other people's buckets too, which appears to be the case, I guess I am now able to serve other people's files from my domain? This seems terrible.

discuss

jdmarble|1 year ago

I'm not sure I understand all of the nuances here (I'm no webmaster), but this is covered in the documentation you linked:

> You must configure page rules to allow Cloudflare to fetch only your Backblaze B2 bucket from your domain. ... Otherwise, someone could use your domain to fetch content from another customer's public bucket. To ensure this does not happen, Cloudflare lets you use page rules to scope requests to your bucket.

Guzba|1 year ago

The example shows leaving your bucket name in the url as a way to filter out requests to other bucket names. If you want your static site to have http://mysite.com/bucketname/index.html then I guess that's ok. But again, careful configuration and still not for every situation.

I'm sure you can layer more rules to get it exactly right but I'd not be eager to layer on complex configuration through multiple service providers when it is avoidable, unless there is some very compelling overriding reason.