Security on vanityURLs

Accents, IDN, and short-link slugs

Mon, 01 Jun 2026 00:00:00 +0000

Accents belong in people names, page copy, titles, and destination websites. They do not belong in vanityURLs short-link slugs.

That sounds stricter than the modern web really is. Browsers can show internationalized domain names. URLs can carry UTF-8 characters. Search engines can crawl paths with accents. People share links in many languages every day.

The problem is not whether the internet can represent accents. It can. The problem is whether a short-link slug remains easy to type, review, compare, log, and defend when the same visible word can have more than one technical representation.

Do not turn every Cloudflare knob

Thu, 28 May 2026 00:00:00 +0000

The Cloudflare dashboard is not a checklist.

That is the rule. A vanityURLs instance has a narrow job: serve short links from a Worker, keep operational pages behind Access, and let Cloudflare reject obvious noise before application code runs. The baseline controls are documented in Network protection. The product inventory is documented in Cloudflare products.

This post is the negative space. It names the knobs that should stay off unless an operator has a reason that survives writing down.

Keep scanner traffic out of the Worker

Fri, 22 May 2026 00:00:00 +0000

A short-link redirector looks simple: receive a slug, look up a destination, redirect.

The internet supplies the rest. PHP probes. WordPress paths. Odd methods. Bot traffic. Crawlers. Repeated misses for slugs nobody created.

The Worker should not be the first place that noise gets expensive. vanityURLs keeps the Worker small and deterministic, then uses Cloudflare edge controls for traffic that should never spend Worker CPU or analytics quota.

Block Before Runtime

The Worker still validates destinations and runtime policy. That is the last line of defense, not the first.

Protecting the reputation of a short-link domain

Fri, 22 May 2026 00:00:00 +0000

A short-link domain is only useful while people trust it. The domain may be small, personal, internal, or quiet, but browsers, mail providers, scanners, security tools, and recipients still judge it by the destinations it serves.

That is why vanityURLs treats policy as part of the runtime, not as an optional cleanup task. A redirector can make good links easier to remember, but it can also hide phishing pages, malware downloads, redirect chains, undisclosed trackers, and destinations people did not reasonably expect.

Runtime security for a small redirector

Fri, 22 May 2026 00:00:00 +0000

Short-link domains are small targets with oversized consequences. A bad redirect can damage trust quickly, and scanner traffic can arrive before the domain is even public. That is why vanityURLs treats simplicity as a security feature, not an aesthetic preference.

The runtime is not a public link-submission service. It is not a database-backed web application. It is a Git-built redirect engine: validate the registry, deploy static assets, read generated data, and return a redirect, protected page, disabled page, expired page, or localized 404.

The current v8s architecture

Fri, 15 May 2026 00:00:00 +0000

The current v8s release is built around a small contract: keep the runtime simple, keep the source of truth in Git, and push abuse filtering as close to the edge as possible.

The instance model

An instance has two kinds of files:

defaults/ contains the product defaults, public operational pages, blocklist defaults, robots and LLM crawler guidance, and scripts that should be updated from upstream
custom/ contains the instance-owned links, schedules, policy replacement, branding, legal pages, and any intentionally local public files

That split is the upgrade story. If instance owners keep their work in custom/, future releases can refresh defaults/ and scripts/ without trampling local content.