Nginx Security HTTP/2 Rapid Reset DDOS Attack Vulnerability CVE-2023-44487

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Oct 11, 2023.

  1. eva2000

    eva2000 Administrator Staff Member

    58,895
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    10:54 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Cloudflare $25/month or $240/yr for Cloudflare Pro plan is one of the best investments you can make If you need features beyond Cloudflare Free plan. And you'd need Cloudflare Pro plan for more detailed Cloudflare Traffic, Cache and Security Firewall and WAF analytics.

    Cloudflare Free plan is usually enough for folks just wanting a free CDN and some protection and to take advantage of HTTP/3 QUIC.

    Sometimes Cloudflare Free plan gets features first too, like Cloudflare Post-Quantum Key Exchange Agreements based origin connections. How Centmin Mod users can use it too https://blog.centminmod.com/2023/10...68-key-exchange-support-in-centmin-mod-nginx/ :D

     
  2. buik

    buik “The best traveler is one without a camera.”

    2,044
    527
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,691
    Local Time:
    2:54 PM
    I'm not so sure about that yet; I brought this one up once, years ago. Cloudflare is, at the end of the line, expensive. The question is whether all this is necessary for (non mission critical) websites.
     
  3. eva2000
    Indeed it's relative to each person's importance of their web site operations. For instance, I've been migrating parts of Centmin Mod's site infrastructure to Cloudflare Workers or Pages (latter is free) to allow them to scale better with better reliability and uptime :D In some instances a load balancer is no longer needed.
     
  4. buik
    Cloudflare is actively pushing and moving more and more features to paid-only.

    This user describes it very catchily: I'm running into a @Cloudflare "data loss" issue
     
  5. eva2000
    Yes, but still taking into account the free CDN bandwidth and R2 S3 compatible object storage's free egress bandwidth costs compared to the alternatives out there, you still have a huge net benefit cost wise even if you are paying $20-25 per month for Pro plan + $5 per month for Cloudflare Workers for the first 10 million requests per month. Not to mention the Cloudflare WAF firewall.

    But for small sites I can see they may not justify the cost. Cloudflare does have Web Analytics, not to be confused with Traffic Analytics, which, like Google Analytics, just places JavaScript tracking code on the site, and the site does not even have to be on Cloudflare https://www.cloudflare.com/en-au/web-analytics/

    docs https://developers.cloudflare.com/analytics/web-analytics/

    Also, depending on how many sites you have, you can add additional sites to a single Cloudflare free or paid account as Cloudflare for SaaS custom hostnames (which is a feature available https://blog.cloudflare.com/cloudflare-for-saas/) to extend your Cloudflare paid account's coverage to domains not hosted on Cloudflare. I touched on this for Cloudflare Business plan but it works on Pro plans too https://blog.centminmod.com/2022/05/19/2794/what-are-the-benefits-of-using-cloudflare-business-plan/.

    I've done this to extend Cloudflare Business or Enterprise plan features to domains not using Cloudflare as well :D

    So with Cloudflare for SaaS on the $25/month Pro plan you could extend Cloudflare service coverage to 10 other hostnames, with varying features and limitations based on plan https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/ and https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/plans/. Unfortunately apex custom domain SaaS is Enterprise only, so www is OK but a non-www apex is not supported on Pro or Business plans.
     
  6. buik
    Then the problem remains that there is no free meal.
     
  7. eva2000
    Well, back on topic, Nginx has officially released 1.25.3 with the security patch fix + other bug fixes https://nginx.org/en/CHANGES. Centmin Mod users can just run the command cmupdate and then run centmin.sh menu option 4 to recompile/update to the 1.25.3 version.

     
  8. eva2000
  9. Jon Snow

    Jon Snow Active Member

    917
    188
    43
    Jun 30, 2017
    Ratings:
    +293
    Local Time:
    9:54 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    Do you recommend using 1.25.3?

    I think new centminmod installs default to 1.24.0
     
  10. eva2000
    Centmin Mod 124.00stable installs the Nginx 1.24.0 stable version out of the box. Centmin Mod 130.00beta01 installs the Nginx 1.25.3 mainline version out of the box. Nginx odd numbered versions like Nginx 1.21, 1.23 and 1.25 are the mainline branches for Nginx, which have the latest features, bug fixes and security fixes. Nginx stable versions are even numbers like Nginx 1.20, 1.22 and 1.24 and don't contain the latest features; they usually only get major bug/security fixes. Nginx stable 1.24 won't have minor bug fixes like Nginx mainline 1.25.x. Each year Nginx will promote the prior mainline to stable, i.e. Nginx 1.26 stable will be based off one year's worth of Nginx 1.25 mainline, and a new mainline Nginx 1.27 will continue the cycle.

    Personally, I only ever use Nginx mainline releases because it gets all the new features and big updates, so use Nginx 1.25.3 now.
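As an added example (not code from this thread or from Centmin Mod), a small POSIX shell check that parses the banner printed by `nginx -v`, classifies the build as mainline or stable using the odd/even minor number scheme described in the post above, and compares it against a required minimum version such as the 1.25.3 release mentioned earlier in the thread. The sample banners are constructed.

```shell
#!/bin/sh
# Added example: inventory check for an Nginx build's branch and minimum version.

# Extract "1.25.3" from the line `nginx -v` prints (it writes to stderr, so
# callers would capture it with `nginx -v 2>&1`).
nginx_version_of() {
    printf '%s\n' "$1" | sed -n 's#^nginx version: nginx/\([0-9][0-9.]*\).*#\1#p'
}

# Odd minor number = mainline, even minor number = stable.
nginx_branch() {
    minor=$(nginx_version_of "$1" | cut -d. -f2)
    [ -n "$minor" ] || { echo "unknown"; return 1; }
    if [ $((minor % 2)) -eq 1 ]; then echo mainline; else echo stable; fi
}

# version_ge A B: succeeds when dotted version A >= B, compared field by field
# so that 1.25.10 sorts after 1.25.3 (a plain string compare gets that wrong).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$x" = "$a" ] && a="" || a=${a#*.}
        [ "$y" = "$b" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# check_nginx BANNER MINVERSION: report branch and whether the build meets
# the minimum; exit status 0 = OK, 1 = needs update, 2 = unparseable banner.
check_nginx() {
    v=$(nginx_version_of "$1")
    [ -n "$v" ] || { echo "could not parse version from: $1"; return 2; }
    if version_ge "$v" "$2"; then
        echo "$v ($(nginx_branch "$1")) >= $2: OK"; return 0
    else
        echo "$v ($(nginx_branch "$1")) < $2: UPDATE"; return 1
    fi
}

# Constructed sample banners, as `nginx -v 2>&1` would print them.
check_nginx "nginx version: nginx/1.25.3" 1.25.3
check_nginx "nginx version: nginx/1.24.0" 1.25.3 || true
```

On a live host, replace the constructed banners with `check_nginx "$(nginx -v 2>&1)" 1.25.3`.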