1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Implemented Option to globally disable ability to upload from URL

Discussion in 'Media Gallery Closed Suggestions' started by imthebest, Jan 2, 2015.

  1. imthebest

    imthebest Formerly Super120

    As title says because when using CloudFlare to protect your server from DDoS attacks the "Upload from URL" feature is an easy way for atackers to find your real IP
    Skylined likes this.
  2. Martok

    Martok Well-Known Member

    How? Can you explain please?
  3. imthebest

    imthebest Formerly Super120

  4. Martok

    Martok Well-Known Member

    Have you tested this in XFMG on this site? On a Cloudflare site?
    Last edited: Jan 3, 2015
  5. imthebest

    imthebest Formerly Super120

    No but pretty sure it will work.
  6. DeltaHF

    DeltaHF Well-Known Member

    The image proxy, if a forum is using it, provides another way to retrieve the server's IP address, because it must reach out to third-party hosts to download image files and any logs will show this information.

    I'm just getting familiar with CloudFlare, but I presume the best practice is to use the server's firewall to restrict incoming traffic from CloudFlare servers and a small subset of other trusted services which need to access it. That way, even though your server's public IP is known, it will be much easier to mitigate any attacks.

Share This Page