kv-port/SECURITY.md

Security & Anti-DDoS Guide

To fully protect your Synology NAS from DDoS attacks and hide your home IP address, you must use a reverse proxy service like Cloudflare. Frontend code alone cannot hide your server's IP.

Step 1: Create a Cloudflare Account

  1. Go to Cloudflare.com and sign up.
  2. Click Add a Site and enter your domain (e.g., khoavo.i234.me).

Step 2: Update DNS Records

  1. Cloudflare will scan your existing DNS records.
  2. Ensure your A records (pointing to your home IP) are set to Proxied (Orange Cloud icon).
    • Orange Cloud: Traffic goes through Cloudflare -> Your NAS. (IP Hidden, DDoS Protected)
    • Grey Cloud: Traffic goes directly to your NAS. (IP Exposed, No Protection)

Step 3: Configure SSL/TLS

  1. Go to the SSL/TLS tab in Cloudflare.
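  2. Set the mode to Full (Strict) if your NAS has a valid certificate, or Flexible if it doesn't. In Flexible mode the connection between Cloudflare and your NAS is not encrypted.

Step 4: Configure the WAF

  1. Go to Security > WAF.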
  2. Create a rule to Block traffic from countries you don't expect visitors from.
  3. Enable Bot Fight Mode to block automated attacks.

Why is this necessary?

When you host a website on your NAS, your domain khoavo.i234.me resolves directly to your home IP address. Anyone on the internet can see this IP. By using Cloudflare as a "middleman", visitors only see Cloudflare's IP, keeping your home network safe.