Cloudflare usually blocks ‘unknown’ bots, which are basically bots that aren’t search crawlers. Also I’ve got Cloudflare setup to challenge requests for .zip, .tar.gz, or .bundle files, so that it doesn’t affect anyone unless they download from their browser.

There’s also probably a way to configure something similar in Anubis, if you don’t like a middleman snooping your requests.

I just used a bot to read it: https://web.archive.org/web/20250901133211/https://cheapskatesguide.org/articles/debian-netinstall-waf.html

It shouldn’t be because you’re not actually the owner of the IP address. If any user could get a cert, they could impersonate any other.

They’re ‘shortlived’ 7 day certs, verified using a HTTP challenge. It doesn’t matter who owns the IP, it’s just a matter of who holds the IP.

It doesn’t look like the normal boot log for Linux (or FreeBSD), so I’m not sure what it is either.

Perhaps there was an easier lighter-weight way of doing this?

Yeah, SSH tunneling. What I would do (and have done in the past) is something like:

ssh -L 8080:192.168.0.1:80 myserver

That will forward port 8080 on your host to port 80 on 192.168.0.1, so you can access your router’s web UI with http://localhost:8080/ in your own web browser.

You can also setup full tunneling with SSH, but that requires messing around with SOCKS and I usually can’t be bothered.