You don't need mTLS for that. Just block all IPs beside for Cloudflare's ranges.

I haven't used iodine, but this seems simpler. Iodine wraps requests with actual DNS requests. In this case that wasn't needed, because port 53 wasn't filtered at all. So all they needed was a simple proxy on port 53.

iodine automatically checks several modes a "simple" proxy on port 53 being one of them. If you're trying to sneak traffic through this kind of block, it is really the first tool to try.

What's wrong with Amcrest IP cameras?

Was wondering the same. I have 10 and they have been pretty good.

(But they are on a VLAN without internet access.)

aria-hidden="true" should take care of that.

Check out Modsecurity WAF and CoreRuleSet.

Doesn't that mean that you're charging extra from those that don't care about updates to subsidize them for those that do?

I think everyone cares about updates to some degree. Doesn't have to be about big feature updates, just continuous fixes for various small bugs and performance improvements can improve you user experience quite a bit.

If you used XPipe a year ago, it's night and day compared to today in terms of features, stability, and performance.

that's how software as a service works.

Can't you check the Referer?

No: https://hackertimes.com/item?id=42817750

It's linked in the post.

Ahh, I did read the post but missed seeing the link!

Why not Cloud Domains?

you mean google cloud domains? They shut it down together with google domains (it still runs, but you cannot register a new domain).