Dear kids, this is what happens when you let AI design your core infrastructure architecture...
-
RE: https://ipv6.social/@tschaefer/116071588412706294
Dear kids, this is what happens when you let AI design your core infrastructure architecture...
"For HTTP/HTTPS: The gateway automatically adds the X-Forwarded-For header. Configure your web server (for example: Nginx or Apache) to evaluate this header."
European sovereign clouds!!
EDIT: I don't even know how they want to add this header in HTTPS traffic... Maybe (i hope?) this whole article really is just hallucinated
@manawyrm@chaos.social what even the fuck, this is some serious bullshit tbh
-
@manawyrm@chaos.social what even the fuck, this is some serious bullshit tbh
@manawyrm@chaos.social not only do they force NAT at the gateway but it translates IPv6 into IPv4
-
@manawyrm and i thought digitalocean making customers share /64s was bad
-
@manawyrm when Mythic Beasts did an IPv4 to IPv6 proxy for VPSes/Pis without IPv4 addresses it was cute.
But this… This is horrific. This is a crime against all that is good in this world. How is your internal infrastructure so fucked up you need to do this. How is everyone involved in this not dying of embarassment.
EDIT: I don’t even know how they want to add this header in HTTPS traffic… Maybe (i hope?) this whole article really is just hallucinated
Hopefully they’re using the Proxy Protocol.
But I have this horrible suspicion they’re not…
-
RE: https://ipv6.social/@tschaefer/116071588412706294
Dear kids, this is what happens when you let AI design your core infrastructure architecture...
"For HTTP/HTTPS: The gateway automatically adds the X-Forwarded-For header. Configure your web server (for example: Nginx or Apache) to evaluate this header."
European sovereign clouds!!
EDIT: I don't even know how they want to add this header in HTTPS traffic... Maybe (i hope?) this whole article really is just hallucinated
-
EDIT: I don’t even know how they want to add this header in HTTPS traffic… Maybe (i hope?) this whole article really is just hallucinated
Hopefully they’re using the Proxy Protocol.
But I have this horrible suspicion they’re not…
@erincandescent I don't think so:
- it would break existing applications
- it probably has the same/similar security implications
- they explicitly mention "X-Forwarded-For" by name -
@erincandescent I don't think so:
- it would break existing applications
- it probably has the same/similar security implications
- they explicitly mention "X-Forwarded-For" by name- definitely
- you wrap the unmodified TLS bytestream in it
- yeah….
-
-
@littlefox@gotosocial-dev.svc.0x0a.network @manawyrm@chaos.social @amy@mastodon.fibercut.org Für jeden SQL-Befehl?
-
@littlefox@gotosocial-dev.svc.0x0a.network @manawyrm@chaos.social @amy@mastodon.fibercut.org Für jeden SQL-Befehl?
-
RE: https://ipv6.social/@tschaefer/116071588412706294
Dear kids, this is what happens when you let AI design your core infrastructure architecture...
"For HTTP/HTTPS: The gateway automatically adds the X-Forwarded-For header. Configure your web server (for example: Nginx or Apache) to evaluate this header."
European sovereign clouds!!
EDIT: I don't even know how they want to add this header in HTTPS traffic... Maybe (i hope?) this whole article really is just hallucinated
@manawyrm just give your cert to that gateway ^^
-
@manawyrm just give your cert to that gateway ^^
-
@littlefox I mean, they have APIs for that
https://docs.api.stackit.cloud/documentation/certificates/version/v2 -
@manawyrm and i thought digitalocean making customers share /64s was bad
-
R relay@relay.an.exchange shared this topic
