CPDoS attack makes sites served through a CDN unavailable

Researchers from the universities of Hamburg and Cologne have developed a new attack technique against content delivery networks and caching proxies: CPDoS (Cache-Poisoned Denial-of-Service). The attack makes a page unavailable to all users by poisoning the cache in front of it.

The root of the problem is that CDNs cache not only successful responses but also cases in which the HTTP server returns an error. As a rule, when a request is malformed the server returns a 400 (Bad Request) error; the exception is IIS, which returns 404 (Not Found) for oversized headers. The standard (RFC 7231) only treats error responses with codes 404 (Not Found), 405 (Method Not Allowed), 410 (Gone), 414 (URI Too Long) and 501 (Not Implemented) as cacheable by default, but some CDNs also cache responses with code 400 (Bad Request), even though whether a request is malformed depends on that particular request and not on the resource being requested.

An attacker can make the origin server return "400 Bad Request" by sending a request with specially crafted HTTP headers. The CDN does not take these headers into account (they are not part of its cache key), so the error response is stored under the page's ordinary key, and every subsequent legitimate request for that page receives the error until the cached entry expires, even though the origin itself serves the content without problems.

Three attack variants are proposed for forcing the HTTP server to return an error:

  • HMO (HTTP Method Override): the attacker overrides the request method via the "X-HTTP-Method-Override", "X-HTTP-Method" or "X-Method-Override" headers, which some servers and frameworks honour but the CDN ignores. For example, a "GET" can be turned into a "DELETE", which the server rejects, or into a "POST", which does not apply to static content;


  • HHO (HTTP Header Oversize): the attacker chooses a header size that exceeds the origin server's limit but stays within the CDN's limit. For example, Apache httpd limits header size to 8 KB, while Amazon CloudFront accepts headers up to 20 KB;

  • HMC (HTTP Meta Character): the attacker inserts control characters (\n, \r, \a) into a request header; the origin server treats them as invalid, while the CDN passes them through unchanged.


The most exposed CDN turned out to be CloudFront, used by Amazon Web Services (AWS). Amazon has since fixed the problem by disabling the caching of error responses, although it took the researchers more than three months to get the protection added. The problem also affected Cloudflare, Varnish, Akamai, CDN77 and Fastly, but attacks through them are limited to origins running IIS, ASP.NET, Flask and Play 1. The researchers estimate that 11% of US Department of Defense domains, 16% of the URLs in the HTTP Archive database and roughly 30% of the Alexa top 500 sites could be attacked.

As a site-side countermeasure, the "Cache-Control: no-store" header can be set on error responses, which forbids caching them. Some CDNs, for example CloudFront and Akamai, also let you disable error caching in the distribution or profile settings. A web application firewall (WAF) can be used for protection as well, but it must be deployed on the CDN side, in front of the caching hosts; a WAF at the origin sees the malicious request only after the cache has already forwarded it.
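To make the three attack variants and the two mitigations concrete, here is an added Python simulation; it is not the researchers' code or any CDN's implementation. A caching proxy keyed only on (method, path) sits in front of a mock origin that rejects malformed requests. The 8 KB and 20 KB limits follow the Apache httpd and CloudFront figures quoted above; the `Origin` and `Cache` classes, the `/index.html` path and the `x-oversized`/`x-meta` header names are assumptions made for the demo.

```python
"""CPDoS cache-poisoning simulation, added as an illustration (not the
researchers' code). A caching proxy keyed only on (method, path) sits in
front of an origin that rejects malformed requests; the attacker's request
plants an error under the key every later user hits. Limits, header and
path names are constructed for the demo."""
import re
from dataclasses import dataclass, field

ORIGIN_MAX_HEADER = 8 * 1024   # assumed Apache httpd-style limit per header
CDN_MAX_HEADER = 20 * 1024     # assumed CloudFront-style limit per header
OVERRIDE_HEADERS = ("x-http-method-override", "x-http-method", "x-method-override")
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")   # \n, \r, \a, ... in header values


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)   # lower-cased header names


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


class Origin:
    """Mock origin: a static, GET-only resource that honours method-override
    headers and answers oversized or malformed headers with an error."""

    def __init__(self, no_store_on_error=False):
        self.no_store_on_error = no_store_on_error   # site-side mitigation switch

    def handle(self, req):
        for name, value in req.headers.items():
            if len(name) + len(value) > ORIGIN_MAX_HEADER:   # HHO trigger
                return self._error(400, "Bad Request: header too large")
            if CONTROL_CHARS.search(value):                  # HMC trigger
                return self._error(400, "Bad Request: illegal character")
        method = req.method
        for h in OVERRIDE_HEADERS:                           # HMO trigger
            if h in req.headers:
                method = req.headers[h].upper()
        if method != "GET":
            return self._error(405, "Method Not Allowed")
        return Response(200, "<html>index</html>")

    def _error(self, status, body):
        hdrs = {"cache-control": "no-store"} if self.no_store_on_error else {}
        return Response(status, body, hdrs)


class Cache:
    """Caching proxy. Override headers, header size and control characters
    are not part of the key, so the error lands under the page's ordinary key."""

    def __init__(self, origin, cache_errors=True, honour_no_store=True):
        self.origin = origin
        self.cache_errors = cache_errors       # False = CDN-side "never cache 4xx/5xx"
        self.honour_no_store = honour_no_store
        self.store = {}

    def handle(self, req):
        for name, value in req.headers.items():
            if len(name) + len(value) > CDN_MAX_HEADER:      # beyond CDN limit: rejected here
                return Response(431, "Request Header Fields Too Large")
        key = (req.method, req.path)
        if key in self.store:
            return self.store[key]
        resp = self.origin.handle(req)
        if self._storable(resp):
            self.store[key] = resp
        return resp

    def _storable(self, resp):
        if self.honour_no_store and "no-store" in resp.headers.get("cache-control", ""):
            return False
        if not self.cache_errors and resp.status >= 400:
            return False
        return True   # naive policy: everything else, 400 included, is cached


def crafted_request(variant, path="/index.html"):
    """The attacker's request for each variant described in the article."""
    if variant == "hmo":
        return Request("GET", path, {"x-http-method-override": "DELETE"})
    if variant == "hho":   # above the origin's limit, below the CDN's
        return Request("GET", path, {"x-oversized": "A" * (ORIGIN_MAX_HEADER + 1)})
    if variant == "hmc":   # \a (BEL) inside a header value
        return Request("GET", path, {"x-meta": "value\x07"})
    raise ValueError(variant)


def run_attack(variant, cache, path="/index.html"):
    """Return (status the attacker sees, status the next legitimate GET sees)."""
    attacker = cache.handle(crafted_request(variant, path))
    victim = cache.handle(Request("GET", path))
    return attacker.status, victim.status


if __name__ == "__main__":
    for variant in ("hmo", "hho", "hmc"):
        naive = Cache(Origin())                                   # caches errors
        cdn_fix = Cache(Origin(), cache_errors=False)             # CloudFront-style fix
        site_fix = Cache(Origin(no_store_on_error=True))          # Cache-Control: no-store
        print(variant, run_attack(variant, naive), run_attack(variant, cdn_fix),
              run_attack(variant, site_fix))
```

`run_attack` returns the status the attacker receives and the status the next legitimate GET receives: with the naive cache both are the error (405 for HMO, 400 for HHO and HMC), while with either fix the victim gets 200. One caveat worth noting: 405 is on RFC 7231's default-cacheable list, so even a strictly standards-following cache would store an HMO-provoked 405 for the GET key; that is why the origin-side "no-store" on error responses, or the CDN-wide switch that refuses to cache errors at all, is the robust fix rather than relying on the RFC list alone.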

Source: opennet.ru
