

SithEmpire 1 point 7 months ago (Sep 24, 2023 03:40:28) (+1/-0)

Aside from writing/modifying a browser to reject webp and webm, HTTP should already address the format problem via the Accept header and Not Acceptable status. What should happen is that a user can set the browser to send "Accept: image/png, image/jpg" when getting images, an HTTP-compliant server reports if it can't, and a rogue server trying to send something else doesn't work. Trying to spoof the type should just cause image parsing to fail.

If switching png for webp ever works then the browser and server are as bad as each other. The CDN server could alter the image of course, but that is just the classic hotlink problem which has been around for decades (ref. "The requested image has been deleted", or annoyed sysadmins replacing hotlinked stuff with porn).
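The client-side check described in the comment above, as an added Python example that is not part of the thread: it enforces an explicit Accept list against the status, the declared Content-Type and the body's magic bytes. Function names and sample bytes are constructed for illustration; wildcards such as `image/*` are assumed not to be used, and the registered type `image/jpeg` is used for JPEG.

```python
# Added example (not from the thread): enforce an image Accept list on the client.
# All names are hypothetical; the sample bodies below are constructed.

# Leading-byte signatures for the formats discussed.
MAGIC = {
    "image/png": lambda b: b.startswith(b"\x89PNG\r\n\x1a\n"),
    "image/jpeg": lambda b: b.startswith(b"\xff\xd8\xff"),
    "image/webp": lambda b: b[:4] == b"RIFF" and b[8:12] == b"WEBP",
}

def parse_accept(header):
    """Return the media types an Accept header allows (entries with q=0 are excluded)."""
    allowed = set()
    for part in header.split(","):
        fields = [f.strip() for f in part.split(";")]
        mtype, q = fields[0].lower(), 1.0
        for f in fields[1:]:
            if f.lower().startswith("q="):
                try:
                    q = float(f[2:])
                except ValueError:
                    q = 0.0  # malformed weight: treat as not acceptable
        if mtype and q > 0:
            allowed.add(mtype)
    return allowed

def sniff(body):
    """Identify the format from the body itself, ignoring what the server claims."""
    for mtype, matches in MAGIC.items():
        if matches(body):
            return mtype
    return None

def check_image_response(accept_header, status, content_type, body):
    """Classify a response to an image request sent with accept_header."""
    if status == 406:
        return "not-acceptable"        # compliant server cannot satisfy Accept
    declared = content_type.split(";")[0].strip().lower()
    if declared not in parse_accept(accept_header):
        return "reject-declared-type"  # server ignored the Accept list
    if sniff(body) != declared:
        return "reject-spoofed-body"   # declared type does not match the bytes
    return "ok"

# Constructed sample bodies: only the leading signature bytes are meaningful.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
WEBP_SAMPLE = b"RIFF" + b"\x10\x00\x00\x00" + b"WEBPVP8 "
```
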

rabidR04CH 2 points 7 months ago (Sep 23, 2023 12:13:35) (+2/-0)

Is there a solution?

Kozel 0 points 7 months ago (Sep 24, 2023 00:14:20) (+0/-0)

the final solution

Sheitstrom 2 points 7 months ago (Sep 23, 2023 11:25:14) (+2/-0)

Very succinct, very accurate.

_Obrez 2 points 7 months ago (Sep 23, 2023 10:56:39) (+2/-0)

It sucks, but I don't know of a better way of handling a DDoS attack.

If you had more resources than the average webhost then you could try to simulate whack-a-mole by changing how domain licenses function, or have a script that detects a DDoS and just pastes the site back up to a different server on a different IP and changes where the URL directs the intended users. Essentially this would double your hosting costs, but with the prevalence of CDNs it might dissuade attackers. But I imagine webhosts would advertise the feature and regular attackers would know to keep trying.

ModernGuilt 6 points 7 months ago (Sep 23, 2023 11:02:58) (+6/-0)*

It's a mafia extortion racket. CDNs are doing the DDoS themselves to manufacture a demand for their (((services))).

observation1 4 points 7 months ago (Sep 23, 2023 12:10:41) (+4/-0)

How McAfee antivirus made it big.

Later, Lavasoft's Ad-Aware.

allAheadFull 1 point 7 months ago (Sep 23, 2023 23:01:55) (+1/-0)

Google AMP does the same spy thing.

Any Certificate Authority (CA) that comes pre-installed in your browser is capable of issuing a security certificate that is capable of being used for this sort of man-in-the-middle attack.

Web security is designed to keep out low level arbitrary attacks, but the big guys can own almost anything they want at any time.

(((They))) wrestled control of the DNS system years ago to make this type of attack easier for themselves.

CasualObserver 0 points 7 months ago (Sep 24, 2023 08:12:44) (+0/-0)

This is dumb. Cloudflare doesn't randomly break encryption. Website owners CHOOSE TO configure Cloudflare to be the web-facing certificate to a. obscure the real site IP and b. protect against DDoS.