On 15/06/19 23.03, Wouter Verhelst wrote:
On Sat, Jun 15, 2019 at 07:14:58PM +0700, Bagas Sanjaya wrote:
Dear debian.org webmasters,
CDN (Content Delivery Network) is a service that distribute website's content
into different servers across the world. This way, when a visitor in Singapore
(for example) visit a website which hosted in Europe, the website assets will
be served from CDN server in Singapore or nearby instead.
The Debian.org website is already mirrored to several machines, which in fact
implements a CDN avant la lettre.
[...]
One of interesting feature of Cloudflare is reCAPTCHA challenge every time
visitor access website which have this feature enabled.
Please let's not go there...
The Debian.org website is already mirrored to several machines, which in fact
implements a CDN avant la lettre.
Do debian.org website's CDN have DDOS protection like what Cloudflare have?
Please let's not go there...
What is your position regarding Cloudflare's reCAPTCHA challenge feature
I mentioned earlier? Here are pros and cons of the feature:
Pros:
* You can assure that (almost) all visitors are legitimate (human),
since they must pass the challenge.
Cons:
* The reCAPTCHA itself is trickier to pass.
* Cloudflare's recommendation to prevent the Challenge can be
difficult or impossible to implement. In case of office/shared
networks, they have to contact network administrator in order to do
scan across their network for infected/misconfigured devices, which
can take long time.
* Also, Cloudflare endorse Firefox by the statement "Another way to
prevent getting this page in the future is to use Privacy Pass
browser extension
<https://addons.mozilla.org/en-US/firefox/addon/privacy-pass/>".
This can force users of Chrome and other browsers to switch to
Firefox only to get passed the challenge.
* Displaying visitor's IP address in the challenge page is
disrespectful to their privacy and can cause data leakage.
