Speaking strictly, you're right, but when you consider (a) Cloudflare's connection to your server is insecure, (b) Cloudflare is listening in on every request, and (c) Cloudflare blocks VPN and Tor users, it doesn't seem like such an obvious decision. But that's a false dichotomy, since everybody should use HTTPS, nobody should use HTTP, and, most importantly, nobody should be okay with third parties snooping on your users.
Yeah, it can even be cert-pinned, which is probably better than a non-pinned end-to-end TLS unless your attacker is local to you, due to the wonders of anycast. Also, like Google, we are constantly looking for malicious stuff like this on our IPs.
I had the same initial thought about (a), but the comments mentioned that CloudFlare issues a certificate you can install on your origin servers which will allow secure connections with CloudFlare.