← Back to context Comment by ssijak 1 year ago Put Cloudflare proxy in front of Netlify/Vercel deploys 3 comments ssijak Reply tjosepo 1 year ago Every Netlify project is assigned a Netlify subdomain (i.e. `example.netlify.app`) that cannot be removed or proxied.If anyone figures out what your Netlify subdomain is, it's my understanding that they can DDoS you and there's nothing you can do about it. spacemagic 1 year ago That makes sense, but is the Netlify subdomain visible from your custom domain? How would they be able to figure it out, other than humans leaking it somehow? tjosepo 1 year ago It should not be visible, but security-by-obscurity is not something that makes me sleep well at night.It's a design limitation of Netlify that might cost you $100,000 some day.
tjosepo 1 year ago Every Netlify project is assigned a Netlify subdomain (i.e. `example.netlify.app`) that cannot be removed or proxied.If anyone figures out what your Netlify subdomain is, it's my understanding that they can DDoS you and there's nothing you can do about it. spacemagic 1 year ago That makes sense, but is the Netlify subdomain visible from your custom domain? How would they be able to figure it out, other than humans leaking it somehow? tjosepo 1 year ago It should not be visible, but security-by-obscurity is not something that makes me sleep well at night.It's a design limitation of Netlify that might cost you $100,000 some day.
spacemagic 1 year ago That makes sense, but is the Netlify subdomain visible from your custom domain? How would they be able to figure it out, other than humans leaking it somehow? tjosepo 1 year ago It should not be visible, but security-by-obscurity is not something that makes me sleep well at night.It's a design limitation of Netlify that might cost you $100,000 some day.
tjosepo 1 year ago It should not be visible, but security-by-obscurity is not something that makes me sleep well at night.It's a design limitation of Netlify that might cost you $100,000 some day.
Every Netlify project is assigned a Netlify subdomain (i.e. `example.netlify.app`) that cannot be removed or proxied.
If anyone figures out what your Netlify subdomain is, it's my understanding that they can DDoS you and there's nothing you can do about it.
That makes sense, but is the Netlify subdomain visible from your custom domain? How would they be able to figure it out, other than humans leaking it somehow?
It should not be visible, but security-by-obscurity is not something that makes me sleep well at night.
It's a design limitation of Netlify that might cost you $100,000 some day.