Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Sure, DDoS protection sounds useful, but that's not at all what the article is about.


The article is mostly about the how, and not the why. It briefly mentions the why with:

> you might be worried about forwarding your IP and connections to the world without properly securing them. Setting it all up sounds like a hassle, right?

If I were to do this, it would be because I didn't want expose my IP to the world. And the two big reasons not to expose your IP are so you can't be DDoSed, and to reduce the privacy impact. Other people have chimed in that they do it because their IP is not static, and I think you can run the CF tunnel client behind CGNAT, which is also valuable.


Cf also allows adding authentication. Everything from OTP to third party OIDC. Including major providers like google , github etc. In edition blocking access by region or country.

Also not everyone can simply open a port on their router. Lot of people have ISPs that prohibit that or are behind CGNAT. So CF tunnels makes it lot easier for them to selfhost and expose those apps.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: