Is there any alternative to Cloudflare that will keep web scrapers from knowing my native IPs, as well as not caring about the content, the kind of service that would host LulzSec?
Roll your own CDN with Varnish + Hitch and some DNS provider that can do geo/latency-based routing. Set up a few servers on different continents and configure request throttling and some user agent classification. Add something for log analysis so you can spot bots and block them with Varnish ACLs or even at the iptables (ipset) level. Connect the servers with a WireGuard VPN or tunnel the traffic to the origin server with stunnel.
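The log-analysis step in the answer above, as an added example that is not part of the original thread: it counts requests per client over a sliding window, classifies user agents, and renders ipset commands. It assumes NCSA combined log lines (the default `varnishncsa` output); the thresholds, the user-agent token list and the set name `scrapers` are illustrative assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# NCSA combined format, the default output of varnishncsa.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Assumed policy: automation UA tokens and a per-IP rate limit.
TOOL_UA = re.compile(r"python-requests|scrapy|curl|wget|go-http-client", re.I)
WINDOW = timedelta(seconds=10)
MAX_HITS = 5  # more than this many requests per WINDOW is flagged

def find_offenders(lines):
    """Return {ip: reason} for clients that exceed the rate or send a tool UA."""
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    offenders = {}
    for line in lines:  # lines are assumed to be in chronological order
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, ts, ua = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > WINDOW:
            hits.popleft()
        if len(hits) > MAX_HITS:
            offenders.setdefault(ip, "rate")
        elif ua in ("", "-") or TOOL_UA.search(ua):
            offenders.setdefault(ip, "user-agent")
    return offenders

def ipset_commands(offenders, set_name="scrapers", timeout=3600):
    """Render ipset commands; entries expire so a wrong block heals itself."""
    cmds = [f"ipset create {set_name} hash:ip timeout {timeout} -exist"]
    cmds += [f"ipset add {set_name} {ip} timeout {timeout} -exist"
             for ip in sorted(offenders)]
    return cmds

def _line(ip, sec, ua):  # builds one constructed sample log line
    return (f'{ip} - - [01/Mar/2024:12:00:{sec:02d} +0000] '
            f'"GET /p HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed sample: one fast client, one tool UA, one normal client, one bad line.
SAMPLE = ([_line("203.0.113.7", s, "Mozilla/5.0") for s in range(8)]
          + [_line("198.51.100.4", 1, "python-requests/2.31"),
             _line("192.0.2.10", 2, "Mozilla/5.0"), "garbage line"])

if __name__ == "__main__":
    print("\n".join(ipset_commands(find_offenders(SAMPLE))))
```

The set only takes effect once a rule references it, for example `iptables -I INPUT -m set --match-set scrapers src -j DROP`. User-agent strings are client-controlled, so the rate check carries the weight and the UA check only catches clients that do not bother to hide.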
Unfortunately, your options are very limited; it's not exactly commonplace for something to offer an infrastructure to withstand DDoS attacks, which is what Cloudflare is known for.
The real answer? The Public Internet is a broken model conceptually for security/privacy scope. We’re JUST starting to realize that there will be a threshold that pushes our internet infrastructure to the limit on just supporting the Internet as it is, but it is getting wrecked with more and more electronics getting attached to it, especially with the Internet of Things and increasing demand for more bandwidth. And that isn’t even covering the scenario where censorship will become rampant in coming years. The best approach to go about solving the Internet is to turn it into friend-to-friend networking, AKA Meshnet.
Pro:
- DDoS doesn’t scale well on Meshnet; you will likely get depeered if you’re complicit in contributing to DDoS attacks. Also, the current implementation of CJDNS only works on Linux, so I imagine it helps on the security prospect.
- Segregation of Networks: it can segregate bad services into their own network, and you can filter out bad networks, which would affect advertising, bots doing the scanning, and so forth. It’s a place where no bad actors can truly thrive, because they get limited by both bandwidth and access to the other meshnet hubs.
- You can use the cloud server to set up a “Router” server for meshnet since meshnet like CJDNS is encrypted end to end and it’s even better if you set up multiple “Router” servers under different vendors internationally.
- Easy to set up and configure on the go; you can spin it up and then add a new peer on the fly with the CLI.
- Meshnet can work across both Network Device and Over the Internet, you can use both at the same time.
Con:
- Barrier of Entry, it doesn’t do well when we’re dealing with your average users who can only open web browser and email.
- People generally aren’t coordinated or willing to participate in such a network yet, which is why we see very little adoption.
- Requires a little bit of networking knowledge, such as how to connect to IPv6 and how to find other peers/nodes for finding websites and other stuff…
- A search engine for CJDNS meshnet would be necessary.
That’s the gist of where I’m seeing the Internet heading, so take it with a grain of salt. People are trying to abandon corporate platforms like Reddit, Facebook, Twitter, and so forth, so naturally at some point, they’ll look into meshnet.
IDK, but this seems highly unrealistic as a future development (given the experience with such mesh networks in the past).
But what we will probably see is the ugly sister of it: nationalized networks with great firewalls similar to how China does it. They (or at least proposals) seem to be popping up everywhere these days and at least to some extent offer some of the advantages you describe above.
What really sucks about them is that while right now the Chinese internet might not offer much interesting content for foreigners, once everyone does it, you will have severely degraded browsing utility, especially if you try it from a smaller non-aligned country. A first taste of it can already be seen if browsing the net from a 3rd world country ISP that somehow got marked as a spam source: lots of websites block you outright and many others force you through a near-unlimited number of reCaptcha challenges (similar to how it is when browsing with Tor). Cloudflare is part of that problem of course, and I wouldn’t be surprised if in a few years they will be the US equivalent to the great firewall of China (technically different but with similar effect).
Well, it would depend a lot on how much of an inconvenience it is to use the public internet if a Great Firewall of USA is made and people then look for an alternative in droves. Let’s say hypothetically, Internet usage becomes extremely politicized to a point that literally anything you say can make you liable, like giving bad advice, an outright ban on political discussion (I’m not seeing this yet since the discussions that are banned are the ones that are inciting violence, but this is one of the worries people have), de-anonymizing people such as YouTube forcing people to use real names on their website, or an outright ban on vices that people enjoy.
It’s probably unrealistic today, but we can observe where the trends are heading and can speculate about what we might end up using to work around that negative future. Hence why I said to take my comment with a grain of salt.
Is it because you host your server at home, and don’t want people to know your home IP? Then you can just set up a reverse proxy (like nginx) on a VPS, and have it forward the traffic. Many providers also have DDoS protection for free. I can recommend Hetzner or OVH.
Rent a VPS and route your traffic through a WireGuard VPN?
But I never really understood the need for Cloudflare. If you run a service that is so much at risk of some sort of attack that Cloudflare would prevent, it is better to set up your infrastructure accordingly on some sort of massive cloud service that has similar functionality built in. Cloudflare is just a massive privacy issue and also a problematic single point of failure.
I think N2N could be an option to be compared with WireGuard VPN in this case.
I had the same question and spent some time researching it and couldn’t find anything decent. Amazon CloudFront is obviously not a good candidate. Some others are quite expensive. Hopefully someone else knows one.