{"id":1878,"date":"2025-11-15T18:51:13","date_gmt":"2025-11-15T15:51:13","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/origini-korumak-cloudflare-authenticated-origin-pulls-ve-mtls-ile-gercek-kaynak-dogrulamasi\/"},"modified":"2025-11-15T18:51:13","modified_gmt":"2025-11-15T15:51:13","slug":"origini-korumak-cloudflare-authenticated-origin-pulls-ve-mtls-ile-gercek-kaynak-dogrulamasi","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/origini-korumak-cloudflare-authenticated-origin-pulls-ve-mtls-ile-gercek-kaynak-dogrulamasi\/","title":{"rendered":"Origin\u2019i Korumak: Cloudflare Authenticated Origin Pulls ve mTLS ile Ger\u00e7ek Kaynak Do\u011frulamas\u0131"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#Hikayenin_Baslangici_Kaynaga_Kadar_Guven\"><span class=\"toc_number toc_depth_1\">1<\/span> Hik\u00e2yenin Ba\u015flang\u0131c\u0131: Kayna\u011fa Kadar G\u00fcven<\/a><\/li><li><a href=\"#Authenticated_Origin_Pulls_Kapida_Rozet_Kontrolu\"><span class=\"toc_number toc_depth_1\">2<\/span> Authenticated Origin Pulls: Kap\u0131da Rozet Kontrol\u00fc<\/a><ul><li><a href=\"#Cloudflare_neden_kim_cekti_diye_soruyor\"><span class=\"toc_number toc_depth_2\">2.1<\/span> Cloudflare neden \u201ckim \u00e7ekti\u201d diye soruyor?<\/a><\/li><\/ul><\/li><li><a href=\"#mTLS_El_Sikisirken_Iki_Tarafin_da_Kimligi_Dogrulansin\"><span class=\"toc_number toc_depth_1\">3<\/span> mTLS: El S\u0131k\u0131\u015f\u0131rken \u0130ki Taraf\u0131n da Kimli\u011fi Do\u011frulans\u0131n<\/a><ul><li><a href=\"#Tek_tarafli_TLS_cift_tarafli_guven_ve_kucuk_fark\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Tek tarafl\u0131 TLS, \u00e7ift tarafl\u0131 g\u00fcven ve k\u00fc\u00e7\u00fck fark<\/a><\/li><\/ul><\/li><li><a href=\"#Kurulumun_Mantigi_Nginx_ve_Apache_Uzerinden_Yuruyelim\"><span class=\"toc_number toc_depth_1\">4<\/span> Kurulumun Mant\u0131\u011f\u0131: Nginx ve Apache \u00dczerinden Y\u00fcr\u00fcyelim<\/a><ul><li><a href=\"#Mesela_soyle_dusunun_dizisini_acalim\"><span class=\"toc_number toc_depth_2\">4.1<\/span> \u201cMesela \u015f\u00f6yle d\u00fc\u015f\u00fcn\u00fcn\u2026\u201d dizisini a\u00e7al\u0131m<\/a><\/li><\/ul><\/li><li><a href=\"#Sertifika_Yonetimi_Dongu_Otomasyon_ve_Rahat_Nefes\"><span class=\"toc_number toc_depth_1\">5<\/span> Sertifika Y\u00f6netimi: D\u00f6ng\u00fc, Otomasyon ve Rahat Nefes<\/a><ul><li><a href=\"#Rutin_bir_is_haline_getirmek\"><span class=\"toc_number toc_depth_2\">5.1<\/span> Rutin bir i\u015f haline getirmek<\/a><\/li><\/ul><\/li><li><a href=\"#Gercek_Hayattan_Aksakliklar_Nerede_Takilir_Nasil_Cozulur\"><span class=\"toc_number toc_depth_1\">6<\/span> Ger\u00e7ek Hayattan Aksakl\u0131klar: Nerede Tak\u0131l\u0131r, Nas\u0131l \u00c7\u00f6z\u00fcl\u00fcr?<\/a><ul><li><a href=\"#Hata_400_Ama_neden\"><span class=\"toc_number toc_depth_2\">6.1<\/span> Hata 400\u2026 Ama neden?<\/a><\/li><\/ul><\/li><li><a href=\"#AOP_mi_mTLS_mi_Yoksa_Ikisi_Birlikte_mi\"><span class=\"toc_number toc_depth_1\">7<\/span> AOP mi, mTLS mi, Yoksa \u0130kisi Birlikte mi?<\/a><ul><li><a href=\"#Katmanli_guvenin_tadi\"><span class=\"toc_number toc_depth_2\">7.1<\/span> Katmanl\u0131 g\u00fcvenin tad\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#DNS_Anycast_ve_Yol_Boyunca_Guven\"><span class=\"toc_number toc_depth_1\">8<\/span> DNS, Anycast, ve Yol Boyunca G\u00fcven<\/a><ul><li><a href=\"#Yonlendiren_sistemler_sasirtmayan_dogrulama\"><span class=\"toc_number toc_depth_2\">8.1<\/span> Y\u00f6nlendiren sistemler, \u015fa\u015f\u0131rtmayan do\u011frulama<\/a><\/li><\/ul><\/li><li><a href=\"#Cloudflare_Tunnel_Private_Network_ve_mTLS_Perde_Arkasi_Buyusu\"><span class=\"toc_number toc_depth_1\">9<\/span> Cloudflare Tunnel, Private Network ve mTLS: Perde Arkas\u0131 B\u00fcy\u00fcs\u00fc<\/a><ul><li><a href=\"#Kalabaliklasan_topolojilerde_sade_kalmak\"><span class=\"toc_number toc_depth_2\">9.1<\/span> Kalabal\u0131kla\u015fan topolojilerde sade kalmak<\/a><\/li><\/ul><\/li><li><a href=\"#Performans_Onbellek_ve_Ya_Yavaslarsa_Endisesi\"><span class=\"toc_number toc_depth_1\">10<\/span> Performans, \u00d6nbellek ve \u201cYa Yava\u015flarsa?\u201d Endi\u015fesi<\/a><ul><li><a href=\"#Guven_hiz_guzel_bir_ikili\"><span class=\"toc_number toc_depth_2\">10.1<\/span> G\u00fcven + h\u0131z, g\u00fczel bir ikili<\/a><\/li><\/ul><\/li><li><a href=\"#Uygulamali_Yol_Haritasi_Sifirdan_Canliya\"><span class=\"toc_number toc_depth_1\">11<\/span> Uygulamal\u0131 Yol Haritas\u0131: S\u0131f\u0131rdan Canl\u0131ya<\/a><ul><li><a href=\"#Basit_adimlar_akici_kurulum\"><span class=\"toc_number toc_depth_2\">11.1<\/span> Basit ad\u0131mlar, ak\u0131c\u0131 kurulum<\/a><\/li><\/ul><\/li><li><a href=\"#Guvenlik_Kulturu_Kucuk_Aliskanliklarin_Buyuk_Etkisi\"><span class=\"toc_number toc_depth_1\">12<\/span> G\u00fcvenlik K\u00fclt\u00fcr\u00fc: K\u00fc\u00e7\u00fck Al\u0131\u015fkanl\u0131klar\u0131n B\u00fcy\u00fck Etkisi<\/a><ul><li><a href=\"#Gunun_sonunda_insan_surec_ve_ufak_dokunuslar\"><span class=\"toc_number toc_depth_2\">12.1<\/span> G\u00fcn\u00fcn sonunda insan, s\u00fcre\u00e7 ve ufak dokunu\u015flar<\/a><\/li><\/ul><\/li><li><a href=\"#Kapanis_Originin_Kapisini_Dogru_Anahtarla_Ac\"><span class=\"toc_number toc_depth_1\">13<\/span> Kapan\u0131\u015f: Origin\u2019in Kap\u0131s\u0131n\u0131 Do\u011fru Anahtarla A\u00e7<\/a><ul><li><a href=\"#Toparlayalim_ve_kucuk_bir_veda\"><span class=\"toc_number toc_depth_2\">13.1<\/span> Toparlayal\u0131m ve k\u00fc\u00e7\u00fck bir veda<\/a><\/li><\/ul><\/li><\/ul><\/div>\n<h2 id=\"section-1\"><span id=\"Hikayenin_Baslangici_Kaynaga_Kadar_Guven\">Hik\u00e2yenin Ba\u015flang\u0131c\u0131: Kayna\u011fa Kadar G\u00fcven<\/span><\/h2>\n<p>Hi\u00e7 ba\u015f\u0131n\u0131za geldi mi? Trafik ya\u011f gibi ak\u0131yor, grafikler ne\u015feyle k\u0131p\u0131rdan\u0131yor, derken bir gece yar\u0131s\u0131 uykunuzu b\u00f6len bir bildirim: \u201cOrigin yo\u011fun istek al\u0131yor.\u201d Klasik; CDN katman\u0131 ta\u015f gibi duruyor ama kayna\u011fa biri kap\u0131 arkas\u0131ndan s\u0131zmaya \u00e7al\u0131\u015f\u0131yor. O an d\u00fc\u015f\u00fcnd\u00fcm, asl\u0131nda \u00e7o\u011fu y\u00fck\u00fcm\u00fcz\u00fc bulutta hafifletiyoruz, katmanlar kuruyoruz, duvarlar \u00e7ekiyoruz ama <strong>kayna\u011f\u0131n ger\u00e7ekten kime konu\u015ftu\u011funu<\/strong> garanti alt\u0131na almak bazen es ge\u00e7iliyor. \u201cTLS var ya\u201d diyoruz. Var da, <strong>sunucunun kimi kabul etti\u011fini ispatlayan \u015fey<\/strong> her zaman ortada olmuyor. \u0130\u015fte tam burada Cloudflare\u2019\u0131n <strong>Authenticated Origin Pulls<\/strong> \u00f6zelli\u011fi ve <strong>mTLS<\/strong> (kar\u015f\u0131l\u0131kl\u0131 TLS) sahneye \u00e7\u0131k\u0131yor.<\/p>\n<p>Bug\u00fcn seninle \u015fu yolu y\u00fcr\u00fcmek istiyorum: Cloudflare \u00fczerinden gelen iste\u011fin ger\u00e7ekten Cloudflare\u2019dan geldi\u011fini nas\u0131l do\u011frular\u0131z, araya giren h\u0131nz\u0131r trafi\u011fi nas\u0131l elimizin tersiyle iteriz ve mTLS\u2019le bu ili\u015fkiyi nas\u0131l \u00e7ift tarafl\u0131 g\u00fcvene d\u00f6n\u00fc\u015ft\u00fcr\u00fcr\u00fcz. Mesela \u015f\u00f6yle d\u00fc\u015f\u00fcn: Kap\u0131da bir g\u00f6revli var ve \u201c\u015fifreyi bilen\u201d herkesi i\u00e7eri al\u0131yor. G\u00fczel. Ama bir de iste\u011fi getiren ki\u015finin \u00fczerinde <strong>\u00f6zel bir rozet<\/strong> olsun, rozetin arkas\u0131nda da imzas\u0131n\u0131 do\u011frulayabilece\u011fin bir sertifika zinciri. \u0130\u015fte bu yaz\u0131da, o rozeti nas\u0131l takaca\u011f\u0131m\u0131z\u0131, kayna\u011fa \u201ci\u00e7eri sadece g\u00fcvenilir el\u00e7i girsin\u201d demeyi konu\u015faca\u011f\u0131z.<\/p>\n<p>Sonuna geldi\u011finde \u015funlar\u0131 cebine koymu\u015f olacaks\u0131n: Authenticated Origin Pulls nedir, mTLS nas\u0131l kurulur, Nginx ya da Apache\u2019de hangi tu\u015flara basman gerekir, sertifika y\u00f6netimini nas\u0131l dert etmezsin, log ve hata senaryolar\u0131nda nereden yakalas\u0131n. Kendi deneyimimce, par\u00e7a par\u00e7a \u00f6\u011frendi\u011fim ipu\u00e7lar\u0131n\u0131 da aralara serpi\u015ftirece\u011fim. Hadi ba\u015flayal\u0131m.<\/p>\n<h2 id=\"section-2\"><span id=\"Authenticated_Origin_Pulls_Kapida_Rozet_Kontrolu\">Authenticated Origin Pulls: Kap\u0131da Rozet Kontrol\u00fc<\/span><\/h2>\n<h3><span id=\"Cloudflare_neden_kim_cekti_diye_soruyor\">Cloudflare neden \u201ckim \u00e7ekti\u201d diye soruyor?<\/span><\/h3>\n<p>Cloudflare \u00f6n\u00fcnde duran bir kalkan gibi. \u0130stekler \u00f6nce ona geliyor, o da gerekirse cache\u2019den cevap veriyor ya da origin\u2019e gidip \u00e7ekiyor. Peki origin\u2019e gidenin ger\u00e7ekten Cloudflare oldu\u011fundan nas\u0131l emin olaca\u011f\u0131z? IP listeleri var, evet. Ama IP kontrol\u00fc tek ba\u015f\u0131na yeterli de\u011fil; \u00e7\u00fcnk\u00fc a\u011fda rota de\u011fi\u015fir, vekil katmanlar eklenir, bir anl\u0131k yanl\u0131\u015f yap\u0131land\u0131rma seni yan\u0131lt\u0131r. <strong>Authenticated Origin Pulls<\/strong> tam olarak bu y\u00fczden var: Cloudflare, origin\u2019e giderken bir <strong>istemci sertifikas\u0131<\/strong> sunar, origin de bu sertifikay\u0131 do\u011frular. B\u00f6ylece \u201cBu istek Cloudflare\u2019dan geliyor\u201d demek laf olmaktan \u00e7\u0131kar, kriptografik bir kan\u0131ta d\u00f6n\u00fc\u015f\u00fcr.<\/p>\n<p>Bazen \u015f\u00f6yle soruluyor: \u201cCloudflare taraf\u0131nda bir d\u00fc\u011fmeye basmak yetmiyor mu?\u201d Yetiyor ve yetmiyor. Evet, Cloudflare panelinden ya da API ile AOP\u2019yi a\u00e7\u0131yorsun ve Cloudflare bir istemci sertifikas\u0131 ile geliyor. Ama <strong>esas mesele origin\u2019de gere\u011fini yapmak<\/strong>. Yani Nginx ya da Apache\u2019ye \u201cmisafir sertifika g\u00f6stermeyene servis yok\u201d demeyi \u00f6\u011fretmen gerekiyor. Basit; ama do\u011fru yerleri s\u0131kmadan, do\u011fru zincirleri do\u011frulamak \u00f6nemli.<\/p>\n<p>Daha \u00e7ok detay\u0131 merak edenler i\u00e7in Cloudflare\u2019\u0131n bu konudaki sayfas\u0131 olduk\u00e7a net: <a href=\"https:\/\/developers.cloudflare.com\/ssl\/origin-configuration\/authenticated-origin-pull\/\" target=\"_blank\" rel=\"noopener nofollow\">authenticated origin pulls dok\u00fcman\u0131<\/a>. Ama ben burada ad\u0131m ad\u0131m, \u201ckurarken nerede t\u00f6kezlenir\u201d d\u00fczeyinde gidelim istiyorum.<\/p>\n<h2 id=\"section-3\"><span id=\"mTLS_El_Sikisirken_Iki_Tarafin_da_Kimligi_Dogrulansin\">mTLS: El S\u0131k\u0131\u015f\u0131rken \u0130ki Taraf\u0131n da Kimli\u011fi Do\u011frulans\u0131n<\/span><\/h2>\n<h3><span id=\"Tek_tarafli_TLS_cift_tarafli_guven_ve_kucuk_fark\">Tek tarafl\u0131 TLS, \u00e7ift tarafl\u0131 g\u00fcven ve k\u00fc\u00e7\u00fck fark<\/span><\/h3>\n<p>Normalde taray\u0131c\u0131 ile site konu\u015furken, taray\u0131c\u0131 sitenin sertifikas\u0131n\u0131 do\u011frular. Site kendini ispatlar. Taray\u0131c\u0131 kendini ispatlamak zorunda de\u011fildir. \u0130\u015fte mTLS, \u201cben de benim diyenlerden misin?\u201d diyerek <strong>istemciden de sertifika isteme<\/strong> halidir. Cloudflare bu noktada <strong>istemci rol\u00fcn\u00fc<\/strong> \u00fcstlenir ve origin\u2019e sertifika sunar. Origin de, \u201ctamam, bu sertifika benim g\u00fcvenilir listemde\u201d diyerek trafi\u011fi kabul eder. B\u00f6ylece sadece \u201c\u015fifreli\u201d olmakla kalmaz, <strong>kimlik do\u011frulamas\u0131 \u00e7ift tarafl\u0131<\/strong> yap\u0131lm\u0131\u015f olur.<\/p>\n<p>G\u00fczel yan\u0131 \u015fu: AOP ve mTLS birle\u015fti\u011finde, CDN\u2019den gelmeyen bir istek do\u011frudan origin\u2019e ula\u015fsa bile reddedilir. Bir yerde IP bir \u015feyler kar\u0131\u015fsa ya da DNS\u2019te anl\u0131k bir \u015fa\u015fa ya\u015fansa, konfig\u00fcrasyonda s\u0131k\u0131lan tek bir vida ile \u201corigin sahas\u0131na yabanc\u0131 giremez\u201d diyebilirsin. Ben bunu \u00f6zellikle staging ve prod ayr\u0131m\u0131nda rahatlat\u0131c\u0131 buluyorum. \u00c7\u00fcnk\u00fc zaman zaman test ortamlar\u0131 yanl\u0131\u015fl\u0131kla d\u0131\u015fa a\u00e7\u0131l\u0131r, o anda mTLS kafan\u0131 kurtar\u0131r.<\/p>\n<p>Cloudflare\u2019\u0131n istemci sertifikalar\u0131yla ilgili sayfas\u0131na da bakman\u0131 \u00f6neririm: <a href=\"https:\/\/developers.cloudflare.com\/ssl\/client-certificates\/\" target=\"_blank\" rel=\"noopener nofollow\">Cloudflare client sertifikalar\u0131<\/a>. Burada mant\u0131k sade; \u00f6nemli olan, origin\u2019in sertifika zincirini do\u011fru tan\u0131mas\u0131.<\/p>\n<h2 id=\"section-4\"><span id=\"Kurulumun_Mantigi_Nginx_ve_Apache_Uzerinden_Yuruyelim\">Kurulumun Mant\u0131\u011f\u0131: Nginx ve Apache \u00dczerinden Y\u00fcr\u00fcyelim<\/span><\/h2>\n<h3><span id=\"Mesela_soyle_dusunun_dizisini_acalim\">\u201cMesela \u015f\u00f6yle d\u00fc\u015f\u00fcn\u00fcn\u2026\u201d dizisini a\u00e7al\u0131m<\/span><\/h3>\n<p>Mesela \u015f\u00f6yle d\u00fc\u015f\u00fcn\u00fcn: Nginx\u2019te bir sunucu blo\u011funuz var ve yaln\u0131zca Cloudflare\u2019dan gelen iste\u011fi kabul etmek istiyorsunuz. Bunun i\u00e7in iki ana \u015fey yapars\u0131n\u0131z. Birincisi, <strong>client sertifikas\u0131n\u0131 zorunlu k\u0131lars\u0131n\u0131z<\/strong>. \u0130kincisi, <strong>bu sertifikay\u0131 kime g\u00fcvenece\u011finizi<\/strong> s\u00f6yleyen bir \u201ctrust store\u201d g\u00f6sterirsiniz. Cloudflare\u2019\u0131n yay\u0131nlad\u0131\u011f\u0131 istemci sertifikas\u0131n\u0131 veya sertifika otoritesini Nginx\u2019e tan\u0131t\u0131rs\u0131n\u0131z. Sonra, \u201csertifikay\u0131 do\u011frulayamad\u0131ysan 400 ile kapat\u201d dersiniz. Bu kadar.<\/p>\n<p>Apache i\u00e7in de benzer. Mod_ssl ile istemci sertifikas\u0131n\u0131 zorunlu hale getirip do\u011frulamay\u0131 a\u00e7ars\u0131n\u0131z. Burada dikkat edilecek bir nokta, <strong>ara sertifikalar<\/strong> ve <strong>zincirin tamam\u0131<\/strong>. Nginx bazen \u201ctrusted_certificate\u201d alt\u0131nda tam zinciri g\u00f6rmek ister. Apache de ayn\u0131 \u015fekilde \u201cSSLCACertificateFile\u201d i\u00e7in do\u011fru dosya ister. Yanl\u0131\u015f dosyay\u0131 g\u00f6sterdi\u011finizde, her \u015fey do\u011fru gibi g\u00f6r\u00fcn\u00fcr ama istekleriniz 400\u2019lenir. \u0130lk denemelerde en \u00e7ok burada t\u00f6kezleniyor.<\/p>\n<p>Bir de k\u00fc\u00e7\u00fck ama \u00f6nemli bir ayr\u0131nt\u0131: <strong>HTTP\/2 ve HTTP\/3<\/strong> kullanan Cloudflare ak\u0131\u015f\u0131nda bazen proxy protokolleri ve ba\u015fl\u0131klar farkl\u0131 davran\u0131r. mTLS taraf\u0131 i\u00e7in kritik olmasa da, log\u2019larda arad\u0131\u011f\u0131n\u0131z IP\u2019yi bulamay\u0131nca pani\u011fe gerek yok. X-Forwarded-For veya CF-Connecting-IP gibi ba\u015fl\u0131klara bak\u0131p ger\u00e7ek istemciyi, TLS katman\u0131nda da sertifika do\u011frulama sonu\u00e7lar\u0131n\u0131 ayr\u0131 d\u00fc\u015f\u00fcn\u00fcn. AOP, origin\u2019e \u201ciste\u011fi ben getiriyorum\u201d diyor; istemci kimli\u011fi ba\u015fka bir hik\u00e2ye.<\/p>\n<h2 id=\"section-5\"><span id=\"Sertifika_Yonetimi_Dongu_Otomasyon_ve_Rahat_Nefes\">Sertifika Y\u00f6netimi: D\u00f6ng\u00fc, Otomasyon ve Rahat Nefes<\/span><\/h2>\n<h3><span id=\"Rutin_bir_is_haline_getirmek\">Rutin bir i\u015f haline getirmek<\/span><\/h3>\n<p>\u0130\u015fin g\u00fczel yan\u0131, bu sertifikalar devasa bir karga\u015fa yaratm\u0131yor. Ama do\u011fru bir <strong>otomasyon<\/strong> kurmazsan, zamanla k\u00fc\u00e7\u00fck hatalar b\u00fcy\u00fcyor. Bir projede ilk kez mTLS a\u00e7t\u0131\u011f\u0131mda \u201cbir daha u\u011fra\u015fmam\u201d diye d\u00fc\u015f\u00fcnm\u00fc\u015ft\u00fcm; \u00fc\u00e7 ay sonra sertifika yenileme tarihi geldi\u011finde, \u201changi dosyayd\u0131, hangi klas\u00f6rdeydi\u201d diye loglarda gezindim. O g\u00fcn bug\u00fcn, konfig\u00fcrasyon dosyalar\u0131na <strong>yorum sat\u0131rlar\u0131<\/strong> eklemeyi ve sertifika yollar\u0131n\u0131 sistemde mant\u0131kl\u0131 yerlere yerle\u015ftirmeyi al\u0131\u015fkanl\u0131k haline getirdim.<\/p>\n<p>E\u011fer kendi i\u00e7 servislerin i\u00e7in istemci sertifikas\u0131 \u00fcretip d\u00f6nd\u00fcr\u00fcyorsan, ACME ile tan\u0131\u015f\u0131kl\u0131\u011f\u0131n varsa bu i\u015f iyice tatl\u0131 hale gelir. ACME\u2019ye dayal\u0131 bir ak\u0131\u015fta, yenileme i\u015fi bir cron\u2019a bakar ve <strong>kesintisiz rotasyon<\/strong> m\u00fcmk\u00fcn olur. Konuyla ilgili daha geni\u015f bir senaryoyu, sertifika otoritelerini yedeklemek ve limitlere tak\u0131lmadan yenilemek ba\u015fl\u0131klar\u0131yla birlikte \u015fu yaz\u0131da detayland\u0131rm\u0131\u015ft\u0131m: <a href=\"https:\/\/www.dchost.com\/blog\/acme-otomasyonunda-yedekli-ca-nasil-kurulur-acme-sh-ile-lets-encrypt-%e2%86%92-zerossl-fallback-oran-limitlerine-karsi-guvenli-olcekleme\/\" target=\"_blank\" rel=\"noopener\">ACME otomasyonunda yedekli CA kurma ve fallback ile g\u00fcvenli \u00f6l\u00e7ekleme<\/a>. Buradaki mant\u0131\u011f\u0131 mTLS taraf\u0131na da uyarlayabilirsin.<\/p>\n<p>Cloudflare\u2019\u0131n kendi istemci sertifikalar\u0131 i\u00e7in y\u00f6netim ad\u0131mlar\u0131 basit. Ancak origin\u2019in kabul etti\u011fi trust store\u2019u da g\u00fcncel tutman gerekiyor. K\u00fc\u00e7\u00fck bir ipucu: Sertifika dosyalar\u0131n\u0131 ayr\u0131 bir dizinde tutup \u201ccurrent.pem\u201d gibi bir sembolik link ile Nginx\/Apache konfig\u00fcrasyonuna g\u00f6sterirsen, yenilemede yaln\u0131zca linki g\u00fcncelleyip servis yeniden y\u00fcklemesi ile tertemiz bir ge\u00e7i\u015f yapars\u0131n. B\u00f6ylece \u201cdosya ad\u0131 de\u011fi\u015fti, konfig\u00fcrasyon k\u0131r\u0131ld\u0131\u201d riskini de s\u0131f\u0131rlars\u0131n.<\/p>\n<h2 id=\"section-6\"><span id=\"Gercek_Hayattan_Aksakliklar_Nerede_Takilir_Nasil_Cozulur\">Ger\u00e7ek Hayattan Aksakl\u0131klar: Nerede Tak\u0131l\u0131r, Nas\u0131l \u00c7\u00f6z\u00fcl\u00fcr?<\/span><\/h2>\n<h3><span id=\"Hata_400_Ama_neden\">Hata 400\u2026 Ama neden?<\/span><\/h3>\n<p>\u0130lk a\u00e7t\u0131\u011f\u0131nda en s\u0131k g\u00f6rece\u011fin \u015fey 400 hatas\u0131d\u0131r. mTLS zorunlu ise ve istemci sertifikas\u0131 bekleniyorsa, Cloudflare taraf\u0131nda AOP aktif de\u011filse istekler pat\u0131r pat\u0131r geri d\u00f6ner. Panik yok. \u00d6nce Cloudflare panelinde zone veya hostname d\u00fczeyinde <strong>Authenticated Origin Pulls<\/strong> ger\u00e7ekten a\u00e7\u0131k m\u0131 bak. \u0130kinci ad\u0131mda, origin \u00fczerinde <strong>do\u011fru CA\/sertifika zincirine<\/strong> referans verip vermedi\u011fini kontrol et. Log\u2019larda \u201cunknown ca\u201d veya \u201cno required SSL certificate was sent\u201d gibi mesajlar g\u00f6r\u00fcrs\u00fcn; ikisi farkl\u0131 sorunu i\u015faret eder. Biri \u201csertifika geldi ama tan\u0131m\u0131yorum\u201d, di\u011feri \u201csertifika gelmedi\u201d diyor.<\/p>\n<p>Bazen, kaynakta ba\u015fka bir \u015fey daha devreye girer: WAF ya da rate limiting gibi katmanlar. AOP ve mTLS sa\u011fl\u0131kl\u0131 olsa bile \u00fcstteki kurallar \u201cben bu pattern\u2019i sevmiyorum\u201d diyerek trafi\u011fi k\u0131s\u0131verir. O y\u00fczden sorun giderirken katmanlar\u0131 <strong>tek tek<\/strong> eleyerek ilerle. Ben, mTLS\u2019i kurdu\u011fum g\u00fcnlerde akses loglar\u0131 bir ekranda, error loglar\u0131 ayr\u0131 bir ekranda a\u00e7\u0131yorum. Cloudflare taraf\u0131nda da etkinlik g\u00fcnl\u00fc\u011f\u00fcne bak\u0131p, \u201cistek bana geldi mi, ben g\u00f6nderdim mi\u201d izini s\u00fcr\u00fcyorum.<\/p>\n<p>Bu arada, Cloudflare\u2019\u0131n <strong>dok\u00fcmantasyon \u00f6rnekleri<\/strong> ile birebir gitmeye \u00e7al\u0131\u015f\u0131rken, sunucunun OpenSSL s\u00fcr\u00fcm\u00fc ya da derleme parametreleri gibi k\u00fc\u00e7\u00fck farklar bazen s\u00fcrpriz \u00e7\u0131karabiliyor. \u00c7ok teknik detaylara girmeden \u015funu s\u00f6yleyeyim: E\u011fer Nginx\u2019te beklenmedik bir davran\u0131\u015f g\u00f6r\u00fcyorsan, \u201cssl_verify_client on\u201d gibi direktiflerin do\u011fru blokta oldu\u011fundan ve \u201cssl_client_certificate\u201d ile \u201cssl_trusted_certificate\u201d ayr\u0131m\u0131n\u0131 do\u011fru yapt\u0131\u011f\u0131ndan emin ol. Apache\u2019de de benzer \u015fekilde \u201cSSLVerifyClient require\u201d ve \u201cSSLCACertificateFile\u201d kombinasyonu do\u011fru yerde mi, bunu kontrol et.<\/p>\n<h2 id=\"section-7\"><span id=\"AOP_mi_mTLS_mi_Yoksa_Ikisi_Birlikte_mi\">AOP mi, mTLS mi, Yoksa \u0130kisi Birlikte mi?<\/span><\/h2>\n<h3><span id=\"Katmanli_guvenin_tadi\">Katmanl\u0131 g\u00fcvenin tad\u0131<\/span><\/h3>\n<p>Authenticated Origin Pulls asl\u0131nda mTLS\u2019in pratik hayata ge\u00e7irilmi\u015f, Cloudflare\u2019a \u00f6zg\u00fc bir kullan\u0131m \u015fekli. \u0130stedi\u011finde bir ad\u0131m ileri gidip, <strong>tam te\u015fekk\u00fcll\u00fc mTLS<\/strong> ile <strong>\u00f6zel istemci sertifikan<\/strong> \u00fczerinden daha s\u0131k\u0131 bir do\u011frulama yapabilirsin. Baz\u0131 kurulumlarda AOP yeterli gelir; \u00e7\u00fcnk\u00fc Cloudflare, kendi istemci sertifikas\u0131yla zaten \u201cbenim\u201d diyor. Baz\u0131lar\u0131nda ise kurum politikalar\u0131, \u00f6zel bir CA\u2019dan imzalanm\u0131\u015f <strong>m\u00fc\u015fteriye \u00f6zg\u00fc<\/strong> istemci sertifikas\u0131 ister. \u0130kisi de m\u00fcmk\u00fcn. As\u0131l kritik olan, \u201corigin\u2019e do\u011frudan istek kabul etmiyorum\u201d ilkesini sa\u011flamla\u015ft\u0131rmak.<\/p>\n<p>Benim yakla\u015f\u0131m\u0131m \u015fu oldu: \u00d6nce AOP ile temel kilidi tak\u0131yorum. Sonra, ihtiya\u00e7 varsa mTLS\u2019i \u00f6zelle\u015ftirip, belirli hostname\u2019lerde <strong>\u00e7ok daha s\u0131k\u0131 do\u011frulama<\/strong> \u015fart\u0131 koyuyorum. B\u00f6ylece riskli uygulamalarda g\u00fcveni art\u0131r\u0131rken, daha az kritik olanlarda esnek kal\u0131yorum. Bu denge, ekiplerin \u00f6zg\u00fcvenini de art\u0131r\u0131yor. \u00c7\u00fcnk\u00fc herkes bilir ki, katmanlar\u0131n her biri ayr\u0131 ayr\u0131 koruyor ve biri \u015fa\u015farsa di\u011feri tutuyor.<\/p>\n<h2 id=\"section-8\"><span id=\"DNS_Anycast_ve_Yol_Boyunca_Guven\">DNS, Anycast, ve Yol Boyunca G\u00fcven<\/span><\/h2>\n<h3><span id=\"Yonlendiren_sistemler_sasirtmayan_dogrulama\">Y\u00f6nlendiren sistemler, \u015fa\u015f\u0131rtmayan do\u011frulama<\/span><\/h3>\n<p>G\u00fcven i\u015fini yaln\u0131zca TLS katman\u0131na y\u0131\u011fmak zorunda de\u011filsin. DNS taraf\u0131nda do\u011fru kurgulanm\u0131\u015f bir yerle\u015fim, failover senaryolar\u0131nda ba\u015f\u0131na i\u015f a\u00e7maz. Katmanl\u0131 g\u00fcvenin en g\u00fczel yan\u0131, bir yerde esneme olsa bile t\u00fcm sistem ayakta kal\u0131r. \u00c7ok sa\u011flay\u0131c\u0131l\u0131 DNS ge\u00e7i\u015fleri yap\u0131yorsan, mTLS ve AOP ile ayn\u0131 anda oynad\u0131\u011f\u0131nda bile hizmet akmaya devam eder. Bu konuyu farkl\u0131 ba\u011flamda anlat\u0131rken, <strong>zero-downtime<\/strong> ge\u00e7i\u015flerin nas\u0131l tatl\u0131 tatl\u0131 y\u00fcr\u00fcd\u00fc\u011f\u00fcn\u00fc \u015fu rehberde toplam\u0131\u015ft\u0131m. \u0130lgini \u00e7ekerse, <a href=\"https:\/\/www.dchost.com\/blog\/coklu-saglayici-dns-nasil-kurulur-octodns-ile-zero%e2%80%91downtime-gecis-ve-dayaniklilik-rehberi\/\" target=\"_blank\" rel=\"noopener\">octoDNS ile dayan\u0131kl\u0131 ge\u00e7i\u015f ak\u0131\u015f\u0131<\/a> \u00f6rnekleri g\u00fczel esin veriyor.<\/p>\n<p>Yolun kendisi kadar, yoldaki tabelalar da \u00f6nemli. Origin kimli\u011fini do\u011frularken, DNS ve y\u00f6nlendirme taraf\u0131ndaki etiketleri de d\u00fczenli tutarsan, sorun an\u0131nda \u201ca\u011f m\u0131, TLS mi, uygulama m\u0131\u201d diye gezinmezsin. Kendi prati\u011fimde, hata an\u0131nda <strong>par\u00e7alay\u0131c\u0131 sorular<\/strong> sormay\u0131 al\u0131\u015fkanl\u0131k edindim: \u0130stek bana geldi mi? Ben ona geri d\u00f6nd\u00fcm m\u00fc? D\u00f6nemediysem nerede tak\u0131ld\u0131m? Bu k\u00fc\u00e7\u00fck checklist, log\u2019lar\u0131n aras\u0131nda kaybolmay\u0131 engelliyor.<\/p>\n<h2 id=\"section-9\"><span id=\"Cloudflare_Tunnel_Private_Network_ve_mTLS_Perde_Arkasi_Buyusu\">Cloudflare Tunnel, Private Network ve mTLS: Perde Arkas\u0131 B\u00fcy\u00fcs\u00fc<\/span><\/h2>\n<h3><span id=\"Kalabaliklasan_topolojilerde_sade_kalmak\">Kalabal\u0131kla\u015fan topolojilerde sade kalmak<\/span><\/h3>\n<p>Bazen origin do\u011frudan internete \u00e7\u0131kmak zorunda de\u011fildir. Cloudflare Tunnel, arka u\u00e7taki servisin \u00fczerine bir t\u00fcnel a\u00e7arak \u201cpublic IP yok, ama d\u00fcnya eri\u015febiliyor\u201d konforu sa\u011flar. T\u00fcnelin arkas\u0131na mTLS ve AOP ekledi\u011finde, \u00fc\u00e7 katmanl\u0131 bir huzur elde edersin. D\u0131\u015far\u0131dan bakan \u201ckap\u0131 yok\u201d der, i\u00e7erideki \u201cgelen kim\u201d sorusunun cevab\u0131 da nettir. Cloudflare One taraf\u0131ndaki mTLS kurgular\u0131na g\u00f6z atmak istersen, <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/connections\/connect-networks\/private-net\/mtls\/\" target=\"_blank\" rel=\"noopener nofollow\">private network ve mTLS notlar\u0131<\/a> iyi bir rehber olur.<\/p>\n<p>Bu yakla\u015f\u0131m\u0131 seviyorum, \u00e7\u00fcnk\u00fc ekipler b\u00fcy\u00fcd\u00fck\u00e7e dokunulan yer say\u0131s\u0131 art\u0131yor. T\u00fcnel \u00fczerinde tutarl\u0131 politikalar, origin \u00fczerinde zorunlu mTLS ve Cloudflare katman\u0131nda AOP a\u00e7\u0131ld\u0131\u011f\u0131nda, yeni eklenen servislerde \u201cvarsay\u0131lan g\u00fcvenli\u201d ba\u015fl\u0131yoruz. Sonradan a\u00e7\u0131k kap\u0131 aramak yerine, kap\u0131lar\u0131 ba\u015ftan sadece do\u011fru anahtarla a\u00e7\u0131l\u0131r kuruyoruz.<\/p>\n<h2 id=\"section-10\"><span id=\"Performans_Onbellek_ve_Ya_Yavaslarsa_Endisesi\">Performans, \u00d6nbellek ve \u201cYa Yava\u015flarsa?\u201d Endi\u015fesi<\/span><\/h2>\n<h3><span id=\"Guven_hiz_guzel_bir_ikili\">G\u00fcven + h\u0131z, g\u00fczel bir ikili<\/span><\/h3>\n<p>G\u00fcven deyince akla bazen yava\u015fl\u0131k gelir. Oysa AOP ve mTLS, do\u011fru kuruldu\u011funda g\u00f6zle g\u00f6r\u00fcn\u00fcr bir yava\u015fl\u0131k yaratmaz. \u00c7\u00fcnk\u00fc sertifika do\u011frulamas\u0131 el s\u0131k\u0131\u015fma s\u0131ras\u0131nda bir kez yap\u0131l\u0131r ve ba\u011flant\u0131 devam ettik\u00e7e bir daha ayn\u0131 masrafa girmezsin. \u00dcstelik Cloudflare zaten \u00f6nbellek \u00fczerinde g\u00fc\u00e7l\u00fc. Origin\u2019e sadece gerekti\u011finde gidiyor. Bu y\u00fczden \u201cekstra g\u00fcven, ekstra gecikme\u201d korkusu genelde bo\u015fa \u00e7\u0131kar. Benim g\u00f6rd\u00fc\u011f\u00fcm, yava\u015fl\u0131k \u015fik\u00e2yetleri daha \u00e7ok yanl\u0131\u015f y\u00f6nlendirmeler veya gereksiz yeniden el s\u0131k\u0131\u015fmalardan geliyor. Keepalive ve do\u011fru TLS ayarlar\u0131 burada kurtar\u0131c\u0131d\u0131r.<\/p>\n<p>Bir de k\u00fc\u00e7\u00fck bir not: Sertifikalar\u0131 do\u011frularken zinciri diskten okuma veya y\u00fckleme bi\u00e7imi de mikro farklar yarat\u0131r. E\u011fer \u00e7ok yo\u011fun trafikte milisaniyelerin pe\u015findeysen, Nginx\u2019in y\u00fckleme d\u00fczenini ve a\u00e7\u0131k dosya s\u0131n\u0131rlar\u0131n\u0131 g\u00f6zden ge\u00e7ir. Ama \u00e7o\u011fu uygulamada bu kadarc\u0131k ayr\u0131nt\u0131ya inmeye gerek kalm\u0131yor. \u00d6nce sa\u011flam do\u011frulama, sonra gerekiyorsa cilalama.<\/p>\n<h2 id=\"section-11\"><span id=\"Uygulamali_Yol_Haritasi_Sifirdan_Canliya\">Uygulamal\u0131 Yol Haritas\u0131: S\u0131f\u0131rdan Canl\u0131ya<\/span><\/h2>\n<h3><span id=\"Basit_adimlar_akici_kurulum\">Basit ad\u0131mlar, ak\u0131c\u0131 kurulum<\/span><\/h3>\n<p>Ben yeni bir projede \u015funu yap\u0131yorum. Bir: Cloudflare\u2019da ilgili hostname i\u00e7in <strong>Authenticated Origin Pulls<\/strong>\u2019u a\u00e7\u0131yorum. \u0130ki: Origin sunucuda Nginx veya Apache konfig\u00fcrasyonunda istemci sertifikas\u0131n\u0131 zorunlu k\u0131l\u0131yorum ve Cloudflare\u2019\u0131n yay\u0131mlad\u0131\u011f\u0131 sertifika\/CA\u2019y\u0131 g\u00fcvenilen listeye ekliyorum. \u00dc\u00e7: Test i\u00e7in staging bir hostname \u00fczerinde deniyorum, \u00fcretim trafi\u011fini ak\u0131t\u0131p log\u2019lar\u0131 izliyorum. D\u00f6rt: Sertifika dosya yollar\u0131n\u0131 netle\u015ftirip rotasyon stratejisini yaz\u0131yorum. Be\u015f: Alarm ve g\u00f6zlemi ekliyorum; mTLS do\u011frulama hatalar\u0131 i\u00e7in anlaml\u0131 uyar\u0131 \u015fart.<\/p>\n<p>Bu ak\u0131\u015f ta\u015f gibi duruyor. \u00c7\u00fcnk\u00fc bir defa kurduktan sonra i\u015fler rutine biniyor. S\u00fcrprizleri seviyorsan ayr\u0131, ama \u00fcretim ortam\u0131 s\u00fcrpriz sevmez. Her \u015feyin ad\u0131 san\u0131 belli olsun, yenileme tarihleri ve dosya yollar\u0131 ortada olsun, hata an\u0131nda kimin neye bakaca\u011f\u0131 belli olsun. Bu kadar. Sen de bir s\u00fcre sonra \u201cAOP ve mTLS bizim i\u00e7in varsay\u0131lan\u201d demeye ba\u015fl\u0131yorsun.<\/p>\n<h2 id=\"section-12\"><span id=\"Guvenlik_Kulturu_Kucuk_Aliskanliklarin_Buyuk_Etkisi\">G\u00fcvenlik K\u00fclt\u00fcr\u00fc: K\u00fc\u00e7\u00fck Al\u0131\u015fkanl\u0131klar\u0131n B\u00fcy\u00fck Etkisi<\/span><\/h2>\n<h3><span id=\"Gunun_sonunda_insan_surec_ve_ufak_dokunuslar\">G\u00fcn\u00fcn sonunda insan, s\u00fcre\u00e7 ve ufak dokunu\u015flar<\/span><\/h3>\n<p>AOP ve mTLS birer ara\u00e7. As\u0131l mesele, bu ara\u00e7lar\u0131 g\u00fcndelik \u00e7al\u0131\u015fma bi\u00e7iminin par\u00e7as\u0131 yapmak. Konfig\u00fcrasyon de\u011fi\u015fiklikleri i\u00e7in kod inceleme zorunlulu\u011fu, prod\u2019a \u00e7\u0131karken k\u00fc\u00e7\u00fck bir checklist, sertifika yenileme alarm\u0131 ve log\u2019lar\u0131n d\u00fczenli g\u00f6zden ge\u00e7irilmesi\u2026 Bu k\u00fc\u00e7\u00fck al\u0131\u015fkanl\u0131klar zinciri, pahal\u0131 sorunlar\u0131n \u00f6n\u00fcne ge\u00e7iyor. Ben bir yerde \u201cneden b\u00f6yle oldu\u201d diye soruyorsam, \u00e7ok b\u00fcy\u00fck ihtimalle s\u00fcre\u00e7te k\u00fc\u00e7\u00fck bir bo\u015fluk b\u0131rakm\u0131\u015f\u0131md\u0131r. Kapatt\u0131k\u00e7a ferahlars\u0131n.<\/p>\n<p>\u0130stersen bu \u00e7emberi daha da g\u00fc\u00e7lendirmek i\u00e7in, uygulama katman\u0131nda ek ba\u015fl\u0131k do\u011frulamalar\u0131 ya da imza kontrol\u00fc yapabilirsin. Ama unutma, \u00f6nce <strong>temel g\u00fcven<\/strong> oturmal\u0131. AOP ve mTLS o temel. \u00dczerine ekledi\u011fin her \u015fey, zaten iyi olan\u0131 daha iyi hale getirir. Yeter ki karma\u015fay\u0131 b\u00fcy\u00fctme. Sade kal, anla\u015f\u0131l\u0131r kal.<\/p>\n<h2 id=\"section-13\"><span id=\"Kapanis_Originin_Kapisini_Dogru_Anahtarla_Ac\">Kapan\u0131\u015f: Origin\u2019in Kap\u0131s\u0131n\u0131 Do\u011fru Anahtarla A\u00e7<\/span><\/h2>\n<h3><span id=\"Toparlayalim_ve_kucuk_bir_veda\">Toparlayal\u0131m ve k\u00fc\u00e7\u00fck bir veda<\/span><\/h3>\n<p>Bug\u00fcn \u015funu konu\u015ftuk: Origin\u2019i ger\u00e7ekten kimin arad\u0131\u011f\u0131n\u0131 bilmek, gecenin bir yar\u0131s\u0131 gelen \u201ctrafik artt\u0131\u201d mesaj\u0131na sakince bakabilmenin anahtar\u0131. <strong>Cloudflare Authenticated Origin Pulls<\/strong> ile Cloudflare\u2019\u0131n ger\u00e7ekten o oldu\u011funu, <strong>mTLS<\/strong> ile de bu ili\u015fkinin \u00e7ift tarafl\u0131 g\u00fcvene dayand\u0131\u011f\u0131n\u0131 g\u00f6rd\u00fck. Nginx ve Apache\u2019de k\u00fc\u00e7\u00fck dokunu\u015flarla, do\u011fru sertifika zincirini i\u015faret ederek ve basit bir otomasyonla bu yap\u0131y\u0131 kurabilirsin. Testi staging\u2019de yap, log\u2019lar\u0131n\u0131 izle, hatay\u0131 okurken katman katman d\u00fc\u015f\u00fcn. Bitti gitti.<\/p>\n<p>Pratik tavsiye: Sertifika yollar\u0131n\u0131 yal\u0131n tut, yenilemeyi otomatikle\u015ftir, alarm kur, dok\u00fcmantasyonunu iki sat\u0131rla bile olsa g\u00fcncel b\u0131rak. Bir de ufak bir hat\u0131rlatma; e\u011fer ACME\u2019yi seviyorsan, mTLS taraf\u0131ndaki sertifika yenilemelerini de ayn\u0131 disipline \u00e7ekmek i\u015fleri \u00e7ok kolayla\u015ft\u0131r\u0131yor. Cloudflare\u2019\u0131n <a href=\"https:\/\/developers.cloudflare.com\/ssl\/origin-configuration\/authenticated-origin-pull\/\" target=\"_blank\" rel=\"noopener nofollow\">AOP sayfas\u0131na<\/a> ve <a href=\"https:\/\/developers.cloudflare.com\/ssl\/client-certificates\/\" target=\"_blank\" rel=\"noopener nofollow\">istemci sertifikalar\u0131 notlar\u0131na<\/a> g\u00f6z atmay\u0131 da unutma. Umar\u0131m bu yaz\u0131 sana yol g\u00f6sterici olmu\u015ftur. Sorular\u0131n olursa her zaman beklerim; bir sonraki yaz\u0131da g\u00f6r\u00fc\u015fmek \u00fczere.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u0130&ccedil;indekiler1 Hik\u00e2yenin Ba\u015flang\u0131c\u0131: Kayna\u011fa Kadar G\u00fcven2 Authenticated Origin Pulls: Kap\u0131da Rozet Kontrol\u00fc2.1 Cloudflare neden \u201ckim \u00e7ekti\u201d diye soruyor?3 mTLS: El S\u0131k\u0131\u015f\u0131rken \u0130ki Taraf\u0131n da Kimli\u011fi Do\u011frulans\u0131n3.1 Tek tarafl\u0131 TLS, \u00e7ift tarafl\u0131 g\u00fcven ve k\u00fc\u00e7\u00fck fark4 Kurulumun Mant\u0131\u011f\u0131: Nginx ve Apache \u00dczerinden Y\u00fcr\u00fcyelim4.1 \u201cMesela \u015f\u00f6yle d\u00fc\u015f\u00fcn\u00fcn\u2026\u201d dizisini a\u00e7al\u0131m5 Sertifika Y\u00f6netimi: D\u00f6ng\u00fc, Otomasyon ve Rahat Nefes5.1 Rutin [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1879,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-1878","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/1878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=1878"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/1878\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/1879"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=1878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=1878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=1878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}