Just stumbled across this (overly dramatic?) article and thought I’d just post it here…
It’s more to act as a reminder that if you’ve got a NAS that is serving content to the interwebs, then make sure it’s behind a proxy of some kind to prevent weaknesses (ie in the management Web UI) being exposed.
Obvz, this article is pointing to Zyxel, but it could be your DIY home-built NAS with Cockpit: CVE-2024-2947 - just an example, not bashing that project at all.
I’ve used Squid and HAProxy over the years (mostly on my pfSense box) - but I’d be interested to know if there’s other options that I’ve not heard of
Depending on the login flow, I have a lot of stuff behind an oauth proxy. So that you have to have a working 2fa account to see the non 2fa system behind.
I must get around to looking into 2FA / MFA sooooon (next ~5 years)
Did you find it really straight forward to get setup?
I think the fear of getting started with these things is sometimes worth it (home system offline for days) but often it’s quite simple…?
It is very simple, I run it from docker and it can plug into all sorts of places, I have nginx config that I could share if it helps.
This is the tool https://oauth2-proxy.github.io/oauth2-proxy/