
DNS - Lockdown domains that do not send emails

I’ve set up a few domains recently that won’t be used to send email (well, certainly not at present). It’s good security practice for the domain to state that fact explicitly in its DNS records, and each time I have to do it, I find myself digging around for the boilerplate I use. As an aide-mémoire, this short post summarises everything in the following table. For reference, this Cloudflare article explains the full details perfectly.

Cloudflare Zaraz - Tool Triggering based on Cookie Consent

I’ve previously been using Google Tag Manager (GTM) for additional content (Google Analytics, Google AdSense, Facebook Pixel, etc.) on another website. All additional content is, of course, controlled by cookie consent (in my case, using OneTrust), set and agreed to by the user when they visit the site.

The following notes detail the initial stages of moving the work of the GTM ‘container’ over to Cloudflare’s Zaraz service, which works in a similar way to GTM but provides site speed and security benefits, as the work happens in the cloud rather than on the user’s / client device.

Cloudflare Zaraz - Using the HTTP Request Tool for Trigger setup / debug

Aside from its regular use case, the HTTP Request tool can be used to verify combinations of “Firing Triggers” and “Blocking Triggers” and provide confidence that the triggers are doing what we expect.

The following instructions detail a simple setup to allow HTTP requests to be received from the Cloudflare HTTP Request Tool and then trigger it so we can see it do its thing.

Note
Alternative Options For Handling HTTP Requests (below) are of course possible, but the described solution in steps 1 and 2 is my favourite.

1. Set up a local listener

It could be as simple as a netcat session, but I’m using the fully featured httpbin server via a docker image

Cloudflare Zero Trust - Private Networks via WARP

I’ve finally got round to setting up all my machines to use Cloudflare “Zero Trust” (https://developers.cloudflare.com/cloudflare-one/). It’s excellent! Apart from those machines now being protected from all external network access, I now have Cloudflare Access on everything and can connect via SSH (and set up a tunnel for other things like Remote Desktop). All built on WireGuard technology too, yay! Connections appear smoother and snappier than before. The service is free for up to 50 users in an “organisation” too. 😎