I've run it in NonAnonymous mode as an experiment. Not to replace a CDN for DDoS protection but to replace the CDN as a way to anonymize where the server is because people play games to try to cancel hosting accounts when they get mad about topics being discussed. When they can't control the narrative they will start emailing abuse@ making false claims and some hosting providers are lazy. From the DDoS aspect, people could send Tor to 100% CPU but the httpd server wasn't even passing 1% CPU. This was long ago however so this observation is likely outdated. early days of v3
Nobody was able to decloak the server even being in NonAnonymous mode but the bigger issue was the ability to reach the server. At least at the time not many people had a browser that could talk to .onion sites. I don't know how many people use Brave or the Tor Browser these days so maybe now it would be less of an issue now. Maybe I will try it again soon. It's easy to send people to the Tor Onion version of your site using the Onion-Location header [1] to see how many people would be able to reach the .onion side of your site.
Nobody was able to decloak the server even being in NonAnonymous mode but the bigger issue was the ability to reach the server. At least at the time not many people had a browser that could talk to .onion sites. I don't know how many people use Brave or the Tor Browser these days so maybe now it would be less of an issue now. Maybe I will try it again soon. It's easy to send people to the Tor Onion version of your site using the Onion-Location header [1] to see how many people would be able to reach the .onion side of your site.
[1] - https://community.torproject.org/onion-services/advanced/oni...