Is there a way to protect the myapp.replit.app url? When I connect it to my domain, for instance my app.mydomain.com , it can be secured, but still , the app is still available through myapp.replit.app and I found no way to secure this. Being trying to get a clear answer from Replit support for weeks but to no avail. I’m not angry or anything , I know they’re extremely busy and am impressed with the myriad features they add every few days.
I think if I want to fully secure my Replit developed web app I’ll have no other option , in the meantime , but to host the whole thing in my server and do all the plumbing , which seems quite complicated to me …
Hey I’m not entirely sure what you mean by this, but from what I think you’re saying:
We use Google Cloud Armor on deployments, do you want to use some different Cloudflare rules or something that could be bypassed via the replit.app subdomain?
This would deny any requests not from the Cloudflare orange cloud proxy servers. This would make it so your site can quickly deny any requests not from CF, mitigating some forms of attacks. But it would not prevent non-CF traffic from hitting your servers entirely.
Disabling replit.app subdomain / more firewall controls on Replit deployments would be feature request and something we’d have to add to the roadmap on our side.
Thank you! Your answer is exactly what i was looking for.
Google Cloud Armor has also ddos and waf protection, this is more than enough for me.
Disabling the replit.app subdomain for an app could be very useful, since search engines could rank it before the app’s domain ( ie myapp.replit.app will show before myapp.mydomain.com ) but now that i think about it, one easier implementation could be to give the possibility to make the replit.app access private (while leaving the user’s associated domain public/untouched) or some other way to limit direct access to the replit.app url .