Comment by ndriscoll
1 month ago
Sure, but now you've at least made them use a more expensive L7 proxy to do it, and you can decide to block malicious actors like that entirely (blocking the "good" domain).
1 month ago
Sure, but now you've at least made them use a more expensive L7 proxy to do it, and you can decide to block malicious actors like that entirely (blocking the "good" domain).
nginx can do this pretty easily by just using proxy_pass directives, if I recall, it has been a while though
Yes, you can do it with an L7 proxy. You've been able to do that all along though, so I suppose there are reasons why surveillance networks prefer to not proxy through the websites that host their scripts. That has nothing to do with DoH to subvert network security monitors though.