It's believed that SPDY is a huge DDoS vector by itself

The subject is a quote of Maxim D. in a discussion found here:

It would be nice to have a detailed list of SPDY functionality that could be
used as a DDoS vector. And it would be even better to have an nginx
configuration example to work around each problem without simply disabling
features.

Last, should there be a default configuration in nginx/spdy which prevents
the abuse for DDoS attacks?

Any thoughts?

Thanks.

Posted at Nginx Forum:

I would like to second this.

I think what you both request is interesting.
However, I would like to push the analysis further.

It seems SPDY's design is flawed because it enables flexibility and offers new
features compared to HTTP without taking into account the very basis of a
protocol: being efficient by allowing quick and inexpensive routing of its
packets.

Some other projects drafted towards HTTP/2.0 are made with efficiency in
mind.
One of them is called HTTPbis and was first drafted in mid-2012 by 4
interesting guys: Willy Tarreau (HAProxy), Poul-Henning Kamp (Varnish),
Adrien de Croy (WinGate) and Amos Jeffries (Squid).
Look at that: 1 load-balancing guy, 1 cache one and 2 proxy ones... Those
guys definitely want to avoid leveraging (D)DoS attacks!

They cooperate with other teams (the SPDY one being one of them), but I like
the approach they took at the very beginning.

Is the nginx team aware of that project?
Does it seem interesting enough that nginx could support it in the near
future? Or do you have any plans around HTTPbis?

B. R.

OK, thanks for your lights on this.

They chose to work with SPDY, right, but are their ideas being followed up
in SPDY?
Or will their protocol stay on a parallel path? The problem would then be
that SPDY is backed by a major networking actor whose name starts with a
G...

SPDY simply can’t be the best protocol without being ‘Network-friendly’
(and could even be dangerous as a dormant bomb is).

B. R.

Hey,

> Some other projects drafted towards HTTP/2.0 are made with efficiency in
> mind.
> One of them is called HTTPbis and was first drafted in mid-2012 by 4
> interesting guys: Willy Tarreau (HAProxy), Poul-Henning Kamp (Varnish),
> Adrien de Croy (WinGate) and Amos Jeffries (Squid).
> Look at that: 1 load-balancing guy, 1 cache one and 2 proxy ones... Those
> guys definitely want to avoid leveraging (D)DoS attacks!

HTTPbis isn't a protocol, it's the name of an IETF working group
responsible for developing and maintaining HTTP.

What you’re referring to is called “Network-Friendly HTTP Upgrade”:

But HTTPbis chose SPDY as a base for HTTP/2.0, so there is no point in
adding support for all the proposed alternatives (even if they are
indeed better).

Best regards,
Piotr S.