I'm managing a cybersecurity team at a financial services firm, and I'm tasked with creating data loss prevention policies. One important part of this is testing email and web content inspection. Previously, we uploaded test files to third-party sites and monitored if uploads failed, which confirmed successful blocks. Now, I want to develop our own site for these uploads. My background is in computer science, but it's been nearly 20 years since I've done any web development, and I know things have significantly changed since then (like React, which I haven't used). I'm looking for guidance on the simplest way to approach building this site, which should allow file uploads and text entry, log attempts, and then immediately delete the content. I'll ensure it has necessary security measures in place. I also want to set up an SMTP server that logs emails sent to a specific address, noting the sender, subject, and timestamp before deleting the content. I can't change careers, so I'm not looking to reinvent the wheel—just some good advice on getting started. I've experimented with using Claude to build the site and wrap it in a Docker container, but I need a stable hosting solution that's accessible from our corporate network. Should I consider out-of-the-box hosting services, or would managing a Linux VM on DigitalOcean with Docker be better?
2 Answers
If you're not sure where to host your site, running your own SMTP server might be overly ambitious. If you're set on it, make sure to check the rules of your hosting provider; for instance, some will require you to explain your use case. Focus on using an email service for sending and receiving emails via webhooks instead. You can log metadata like sender and subject while discarding the content. For the upload tool, a simple backend like FastAPI or Node would work well; just log the uploads and delete them right away.
Since you've already got a Docker container from your efforts with Claude, using a basic Linux VM on a provider like DigitalOcean is definitely the way to go. Out-of-the-box platforms like Vercel or Heroku can complicate things when you try to open custom ports for your own SMTP receiver. A small droplet should suffice for running `docker compose up` without hassle. Just be wary: if this site is open to the internet, it will likely attract bots trying to spam your upload form. A web application firewall (WAF) or captcha is essential to filter out this noise, but keep in mind that it may interfere with automated tests you plan to run for DLP. You might want to look into automated captcha solvers to mitigate that issue—this way, you'll keep your site secure without disrupting your testing scripts! Welcome back to web dev; Docker makes things much simpler than they were back in the day!
Related Questions
How to Build a Custom GPT Journalist That Posts Directly to WordPress
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads