Update READMEs

README.md

@@ -4,9 +4,10 @@ This is a test project. It's created to put together all the knowledge I have ab
 
 ## Applications and parts
 
-- [Spring Boot API](apps/api/README.md)
-- [React (Next.js) frontend app](apps/website/README.md)
-- [Keycloak SSO server](apps/keycloak/README.md)
+- [Spring Boot API (readme)](apps/api/README.md)
+- [React (Next.js) frontend app (readme)](apps/website/README.md)
+- [Keycloak SSO server (readme)](apps/keycloak/README.md)
+- [CloudFlare reverse proxying (readme)](REVERSE-PROXYING.md)
 
 ## Ideas
 
@@ -16,6 +17,8 @@ The project is hosted at Hetzner, using Kubernetes setup.
 The Continuous Integration is done using GitHub actions.
 The secrets are managed using Hashicorp Vault.
 
+DDOS mitigation is achieved by hiding the real IP address of the cluster entrypoints, by reverse proxying all the requests through CloudFlare system. It's known for being able to withstand attacks of a solid numbers of requests.
+
 ## Remarkable elements (please take a look at those)
 
 - [API Swagger UI](https://cars-reservation-api.nikitades.com/open/swagger-ui)

REVERSE-PROXYING.md

@@ -0,0 +1,7 @@
+# Cars Reservation System - Reverse proxying
+
+A typical distributed system usually wants to be safe from attacks. One of the affordable attack types is the Dedicated Denial of Service attack (DDOS). One of the best ways to prevent such attacks is to never reveal the direct addresses and domains of the apps, and instead to always reverse proxy it with some powerful tools.
+
+CloudFlare is such a tool. It accepts every request sent to an arbitrary domain and resends it to the entrypoint of the application cluster. The request is now authored not by the original sender but by a CloudFlare robot instead. To prevent the loss of the requests' fingerprint there are some HTTP headers commonly used to preserve this information (X_FORWARDED_FOR, stickyness tokens and others).
+
+This project is reverse proxied by CloudFlare.