The observability culture shapes development and devops in powerful ways. We were able to identify a signal indicating that the server was handling traffic that was nefarious and took resources away from legitimate users. We made a hypothesis about what we wanted to try and do to positively impact that signal. Since we started with observability, we have the ability to evaluate the work we did and determine if we were successful or not and if more work is needed.
What if we could also guarantee that any ssh requests had to also go through Cloudflare? In other words, what if we didn’t accept ssh requests to the server IP but could force those through Cloudflare as well? This post describes options for just that through Cloudflare’s `cloudflared` service.
If you use Cloudflare, this post walks you through how to limit traffic to only their IP addresses, forcing access to your server to be subjected to Cloudflare security features.