toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.


#waf

2 posts, 2 participants, 0 posts today

Do you need an out-of-band and proactive WAF that actually keeps up?

Time to start using the CrowdSec WAF! It’s lightweight, open source, and 100% free.

Best of all, it…
✨ Scales with your infrastructure
✨ Imports your existing ModSecurity rules
✨ Fits right into automation & CI/CD pipelines

Discover how CrowdSec WAF can upgrade your web app security ➡️ crowdsec.net/blog/crowdsec-waf

crowdsec.net: CrowdSec WAF: The Collaborative Future of Web Application Security. Protect your apps with a modern, open-source WAF that adapts in real time using behavior-driven detection and global threat intelligence.
Replied in thread

@drscriptt Naive question: WHEN does the average #Internet #user ever open up a webpage with an #IP address instead of a #domain or even #FQDN?

  • Seriously, the only cases I saw were either some old, non-public-facing server in some B2B/API setting or a test that #httpd / #nginx / #ssh / … function properly on like a #VPS and that the #DNS hasn't been updated (yet!) to include said host / FQDN in the records, and even then it's bad cuz you'd rather want to use its FQDN instead because with #IPv4 shortages on one hand and tools like #Portainer on the other, one should not use an #IPaddress as addressing method because #WAF / #Proxies used to "#MUX" / "#NAT" services under one IP address or #IPv6 block may need that distinction by being queried for a specific FQDN...

The idea of !SSL / #TLD for #IPaddresses makes me feel like Jeff Goldblum!

Replied in thread

@lukeshu So I guess #Anubis has an explicit exception to handle #Lynx and will instead rely on rate-limits and other static means to detect #scrapers and handle with #UserAgent #abuse cases, like #fail2ban-style autobanning of violating IPs...

  • This makes sense for a #WAF like Anubis and would've been the only viable option I'm aware of.

I wonder if anyone has tried using Anubis on @torproject / #Tor to protect #OnionService|s since that would be a reasonable application for it as well.

Replied in thread

@Wheels @RickiTarr

That will be the next step for this administration, after ignoring judicial orders, it will ignore congress, and there will be no consequences.

This is a prediction.

Also, is this correct? > Congress formally controls the budget, but the administration manages the money. Once the administration has the money, if they refuse to spend per congressional budget, there is only the judiciary (ignoring), and congress (1. Controls, 2. predicted to ignore), to enforce?
#WAF

Replied in thread

@LibreKitsune I still consider this a hostile act and a blatant violation of their previous #settlement that forced them into #publishing said #IPv4 #ranges...

  • In fact had they not actively worked against that previously and it only raised my attention when I saw errors re: said ranges.

I'm considering building a #workaround on #GitHub to just use a #cookie and some #compute to do it, but if I had cash to spare I'd sue them into removing #ClownFlare and allowing me to scrape the list directly...

  • I'm very close to just sending them an #invoice for the personnel hours wasted on that bs and billing them regularly for the expense of manually checking the difference between those (@ minimum of 60:15 billable minutes)...

Otherwise I do expect regulators to actually go after #OpenAI and force them to undo the #Cloudflare-based #Enshittification, since it's neither feasible nor reasonable to claim "#DDoS-#Protection" for a 48 Bytes (!!!) file...

  • Every #WAF / #WebApplicationFirewall I know would not get triggered even if I were to query it once per hour (which I now do just to annoy them, or rather ClownFlare!)...

👉 URLs meant for bots should not use Cloudflare’s bot blocker. 👈

If your website uses Cloudflare, you should set an appropriate security level for RSS feeds and APIs by using Page Rules. 🤌

This timeless clusterfuck has been unearthed by the Open RSS project and is getting some attention. 🤞

openrss.org/blog/using-cloudfl
news.ycombinator.com/item?id=4

openrss.org: Using Cloudflare on your website could be blocking RSS users. Cloudflare's security features could be blocking RSS feed users from accessing your website.
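The post above argues that machine-consumed URLs (RSS/Atom feeds, APIs) should be exempted from a browser-challenge bot blocker via a per-path rule. The following is an added example, not code from the post, from Open RSS or from Cloudflare: it models that per-path policy as a small function and pairs it with a classifier that tells a served feed apart from a challenge page, so an operator can audit captured responses offline and find feeds the bot blocker is silently breaking. The path patterns, the policy level names and the sample responses are constructed for this example; the `cf-mitigated: challenge` header is the one Cloudflare documents for challenge responses, but the check is written so that a plain HTML 403/503 on a feed URL is still flagged without it.

```python
"""Audit a site's feed/API paths against a bot-challenge policy.

Added illustration (not Cloudflare's, Open RSS's or the poster's code).
Runs offline on constructed sample responses.
"""
import re
from dataclasses import dataclass

# Paths consumed by software rather than browsers. Constructed for this
# example; a real site would list its own feed and API routes here.
MACHINE_PATH_PATTERNS = [
    re.compile(r"^/(feed|rss|atom)(\.xml)?/?$"),
    re.compile(r"^/.*\.(rss|atom|xml)$"),
    re.compile(r"^/api/"),
    re.compile(r"^/\.well-known/"),
]

# Content types a feed reader expects; HTML on a feed URL is a red flag.
FEED_CONTENT_TYPES = (
    "application/rss+xml",
    "application/atom+xml",
    "application/xml",
    "text/xml",
)


def security_level_for(path: str) -> str:
    """Return the challenge policy for a path.

    'essentially_off' stands in for a page rule that exempts feeds and APIs
    from the JavaScript challenge; 'medium' is the default for everything
    else. The level names are illustrative, not a vendor API.
    """
    for pattern in MACHINE_PATH_PATTERNS:
        if pattern.match(path):
            return "essentially_off"
    return "medium"


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def classify_feed_response(resp: Response) -> str:
    """Classify a response fetched from a feed URL with a non-browser client.

    'feed'      -> a real RSS/Atom document was served
    'challenge' -> the bot blocker answered with its challenge page
    'blocked'   -> an HTML 403/503 with no explicit challenge marker
    'other'     -> anything else (redirects, unexpected types, ...)
    """
    headers = {k.lower(): v for k, v in resp.headers.items()}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    body = resp.body.lstrip()
    # Cloudflare marks challenge responses with this header.
    if headers.get("cf-mitigated", "").lower() == "challenge":
        return "challenge"
    if resp.status == 200 and ctype in FEED_CONTENT_TYPES and re.search(r"<(rss|feed)[\s>]", body):
        return "feed"
    if resp.status in (403, 503) and ctype == "text/html":
        return "blocked"
    return "other"


def find_blocked_feeds(observations: dict) -> list:
    """Return paths the policy says bots may reach but that were challenged or blocked."""
    return sorted(
        path
        for path, resp in observations.items()
        if security_level_for(path) == "essentially_off"
        and classify_feed_response(resp) in ("challenge", "blocked")
    )


# Constructed sample observations, as a feed reader would capture them.
SAMPLE_OBSERVATIONS = {
    "/feed.xml": Response(
        403,
        {"Content-Type": "text/html; charset=utf-8", "cf-mitigated": "challenge"},
        "<!DOCTYPE html><html><title>Just a moment...</title></html>",
    ),
    "/api/v1/posts": Response(
        200,
        {"Content-Type": "application/json"},
        '{"items": []}',
    ),
    "/atom": Response(
        200,
        {"Content-Type": "application/atom+xml; charset=utf-8"},
        '<?xml version="1.0"?>\n<feed xmlns="http://www.w3.org/2005/Atom"><title>Example</title></feed>',
    ),
    # An HTML page being challenged is expected under the 'medium' policy.
    "/blog/hello": Response(
        503,
        {"Content-Type": "text/html"},
        "<html>Checking your browser...</html>",
    ),
}

if __name__ == "__main__":
    for path in find_blocked_feeds(SAMPLE_OBSERVATIONS):
        print(f"feed/API path blocked by bot challenge: {path}")
```

Run it against responses captured with a non-browser user agent; any path it prints is one where the per-path exemption the post calls for is missing or not matching.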