CPDoS attack makes pages served through a CDN unavailable

Researchers from the Universities of Hamburg and Cologne have developed a new attack technique against content delivery networks and caching proxies - CPDoS (Cache-Poisoned Denial-of-Service). The attack allows access to a page to be denied by poisoning the cache.

The problem stems from the fact that caching CDNs cache not only successfully completed requests, but also cases in which the HTTP server returns an error. As a rule, if a request cannot be processed, the server returns a 400 (Bad Request) error; the only exception is IIS, which returns a 404 (Not Found) error for headers that are too large. The standard only allows errors with codes 404 (Not Found), 405 (Method Not Allowed), 410 (Gone) and 501 (Not Implemented) to be cached, but some CDNs also cache responses with code 400 (Bad Request), depending on the request that was sent.

An attacker can make the origin return a "400 Bad Request" error by sending a request with specially formed HTTP headers. The CDN does not take these headers into account, so the information that the page cannot be accessed is cached, and until the cache entry expires all other valid user requests may produce the error, even though the origin serves the content without any problem.

Three attack variants are proposed for forcing the HTTP server to return an error:

  • HMO (HTTP Method Override) - the attacker can override the original request method via the "X-HTTP-Method-Override", "X-HTTP-Method" or "X-Method-Override" headers, which are supported by some servers but not taken into account by the CDN. For example, the original "GET" method can be changed to the "DELETE" method, which is forbidden on the server, or to the "POST" method, which does not apply to static content;

  • HHO (HTTP Header Oversize) - the attacker can choose a header size that exceeds the origin server's limit but still falls within the CDN's limits. For example, Apache httpd limits header size to 8 KB, while the Amazon CloudFront CDN allows headers up to 20 KB;

  • HMC (HTTP Meta Character) - the attacker can insert special characters (\n, \r, \a) into the request; the origin server treats them as invalid, but the CDN ignores them.

The most vulnerable to the attack was the CloudFront CDN used by Amazon Web Services (AWS). Amazon has already fixed the problem by disabling the caching of errors, but it took more than three months after the researchers' report for the protection to be added. The issue also affected Cloudflare, Varnish, Akamai, CDN77 and Fastly, but the attack through them is limited to target servers running IIS, ASP.NET, Flask and Play 1. It is noted that 11% of US Department of Defense domains, 16% of URLs from the HTTP Archive database and about 30% of the 500 largest sites in the Alexa ranking may be vulnerable to the attack.

As a way to block the attack on the website side, the "Cache-Control: no-store" header can be used, which prohibits caching of the response. In some CDNs, for example CloudFront and Akamai, error caching can be disabled in the profile settings. Web application firewalls (WAF, Web Application Firewall) can also be used for protection, but they must be deployed on the CDN side, in front of the caching hosts.
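As an added illustration that is not part of the original article, the following Python model puts a small caching CDN in front of an origin: it shows how a lenient CDN that caches 400 responses is poisoned for all later users by a single oversized-header request (the HHO variant above), and how the origin-side "Cache-Control: no-store" mitigation prevents it. The origin, its 8 KB header limit, the CDN policy and the request names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Error codes the standard allows to be cached by default (see the article);
# some CDNs additionally cache 400, which is what CPDoS abuses.
STANDARD_CACHEABLE_ERRORS = {404, 405, 410, 501}
MAX_HEADER_BYTES = 8 * 1024  # constructed origin limit (Apache httpd-like)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)


def origin(request_headers: dict, harden: bool) -> Response:
    """Constructed origin: rejects oversized headers with 400 (HHO case).
    With harden=True it marks every error response as non-storable."""
    size = sum(len(k) + len(v) for k, v in request_headers.items())
    resp = Response(400) if size > MAX_HEADER_BYTES else Response(200)
    if harden and resp.status >= 400:
        resp.headers["Cache-Control"] = "no-store"
    return resp


@dataclass
class CDN:
    cache_400: bool  # lenient CDN that also caches 400 responses
    harden: bool     # whether the origin behind it sends no-store on errors
    store: dict = field(default_factory=dict)

    def fetch(self, path: str, request_headers: dict) -> Response:
        if path in self.store:            # cache hit: origin is never consulted
            return self.store[path]
        resp = origin(request_headers, self.harden)
        cacheable = (resp.status == 200
                     or resp.status in STANDARD_CACHEABLE_ERRORS
                     or (self.cache_400 and resp.status == 400))
        if cacheable and resp.headers.get("Cache-Control") != "no-store":
            self.store[path] = resp       # error gets stored: cache is poisoned
        return resp


def simulate(cache_400: bool, harden: bool) -> int:
    """Status a legitimate user sees after one oversized-header request."""
    cdn = CDN(cache_400, harden)
    cdn.fetch("/index.html", {"X-Pad": "A" * (MAX_HEADER_BYTES + 1)})  # constructed HHO request
    return cdn.fetch("/index.html", {"User-Agent": "browser"}).status  # legitimate request
```

simulate(True, False) returns 400 for the legitimate user (poisoned), while a CDN that follows the standard, simulate(False, False), or a hardened origin, simulate(True, True), both return 200.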

Source: opennet.ru