CPDoS attack that makes pages served through a CDN unavailable

Researchers from the University of Hamburg and Cologne have developed a new attack technique against content delivery networks and caching proxies: CPDoS (Cache-Poisoned Denial-of-Service). The attack lets an attacker make a page unavailable by poisoning the cache.

The problem stems from the fact that CDNs cache not only successfully served requests, but also cases where the HTTP server returns an error. As a rule, if something is wrong with the request, the server returns a 400 (Bad Request) error; the only exception is IIS, which returns a 404 (Not Found) error for oversized headers. The standard only allows errors with codes 404 (Not Found), 405 (Method Not Allowed), 410 (Gone) and 501 (Not Implemented) to be cached, but some CDNs also cache responses with code 400 (Bad Request), which depend on the particular request that was sent.

An attacker can make the origin return a "400 Bad Request" error by sending a request with HTTP headers formatted in a specific way. The CDN does not take these headers into account, so the information that the page is unavailable gets cached, and every other user's request for that page until the cache entry expires will receive the error, even though the origin itself serves the content without any problem.

Three attack techniques have been proposed for forcing the HTTP server to return an error:

  • HMO (HTTP Method Override): the attacker can override the original request method via the "X-HTTP-Method-Override", "X-HTTP-Method" or "X-Method-Override" headers, which some servers support but the CDN does not take into account. For example, the original "GET" method can be replaced with "DELETE", which the server forbids, or with "POST", which is not applicable to static content;

  • HHO (HTTP Header Oversize): the attacker can choose a header size that exceeds the origin server's limit but stays within the CDN's limit. For example, Apache httpd limits header size to 8 KB, while the Amazon CloudFront CDN allows headers up to 20 KB;

  • HMC (HTTP Meta Character): the attacker can insert special characters (\n, \r, \a) into the request that the server treats as invalid but the CDN ignores.

The CDN most exposed to the attack is CloudFront, used by Amazon Web Services (AWS). Amazon has now fixed the problem by disabling error caching, but it took the researchers more than three months to get the protection added. The problem also affected Cloudflare, Varnish, Akamai, CDN77 and Fastly, but attacks through them are limited to target servers running IIS, ASP.NET, Flask and Play 1. It is noted that 11% of US Department of Defense domains, 16% of URLs from the HTTP Archive database and about 30% of the top 500 websites in the Alexa ranking could potentially be affected.

As a countermeasure on the origin side, you can use the "Cache-Control: no-store" header, which forbids caching the response. In some CDNs, e.g. CloudFront and Akamai, error caching can be disabled at the profile level. Web application firewalls (WAF) can also be used for protection, but they must be deployed on the CDN side, in front of the caching hosts.
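An added example, not code from the article or the researchers, that models the caching rule described above (the standard's cacheable error codes versus a CDN that also stores 400) and applies this paragraph's origin-side `Cache-Control: no-store` fix as WSGI middleware; the stub origin, its 8 KB header limit and all names are hypothetical:

```python
"""Added example (not from the article or the researchers): the article's
caching condition modelled in code, plus the no-store fix as WSGI middleware.
The stub origin, its header limit and all names are hypothetical."""

# Error codes the article says the standard lets a cache store by default.
DEFAULT_CACHEABLE_ERRORS = {404, 405, 410, 501}
MAX_HEADER_BYTES = 8 * 1024  # origin header limit, like Apache httpd's 8 KB


def header_value(headers, name):
    return next((v for k, v in headers if k.lower() == name.lower()), "")


def cdn_caches_error(status_code, headers, caches_400=False):
    """Caching-proxy decision for an error response: honours no-store, stores
    the standard's codes, and stores 400 only if configured like the affected CDNs."""
    cc = header_value(headers, "Cache-Control")
    if "no-store" in {d.strip().lower() for d in cc.split(",")}:
        return False
    if status_code == 400:
        return caches_400
    return status_code in DEFAULT_CACHEABLE_ERRORS


def origin_app(environ, start_response):
    """Stub origin (constructed): 400 when the request headers exceed its limit."""
    size = sum(len(k) + len(v) for k, v in environ.items() if k.startswith("HTTP_"))
    if size > MAX_HEADER_BYTES:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"bad request"]
    start_response("200 OK", [("Cache-Control", "public, max-age=600")])
    return [b"hello"]


def no_store_on_errors(app):
    """Origin-side fix from the article as middleware: every 4xx/5xx leaves
    with Cache-Control: no-store, so a CDN cannot keep it for other users."""
    def wrapped(environ, start_response):
        def guarded(status, headers, exc_info=None):
            if int(status.split(" ", 1)[0]) >= 400:
                headers = [h for h in headers if h[0].lower() != "cache-control"]
                headers.append(("Cache-Control", "no-store"))
            return start_response(status, headers, exc_info)
        return app(environ, guarded)
    return wrapped


def call(app, environ):
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, headers
    body = b"".join(app(environ, start_response))
    return int(seen["status"].split(" ", 1)[0]), seen["headers"], body
```

The same hook belongs in a Flask `after_request` handler or in the front-end proxy; the point is that an error produced for one client's malformed request never carries cacheable metadata.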

Source: opennet.ru
