Phantse iminyaka eyi-9 eyadlulayo i-Cloudflare yayiyinkampani encinci, kwaye andizange ndiyisebenzele, ndandingumthengi nje. Kwinyanga emva kokusungula i-Cloudflare, ndifumene isaziso sokuba iwebhusayithi yam I-DNS ayibonakali iyasebenza. I-Cloudflare yenze utshintsho kwi , kwaye kukho i-DNS eyaphukileyo.
Ndibhalele uMatthew Prince kwangoko ngesihloko esithi "Iphi iDNS yam?"), ndiye ndaphendula ndathi:
Ukusuka ku: John Graham-Cumming
Umhla: Okthobha 7, 2010, 9:14
Isihloko: Re: Iphi iDNS yam?
Iya ku: Matthew PrinceIngxelo epholileyo, enkosi. Ngokuqinisekileyo ndiya kubiza ukuba kukho iingxaki. Kuyafaneleka ukuba ubhale isithuba malunga nale nto emva kokuba uqokelele lonke ulwazi lobugcisa. Ndicinga ukuba abantu baya konwabela ibali elivulekileyo nelinyanisekileyo. Ngokukodwa ukuba uncamathisela iigrafu kuyo ukubonisa ukuba ikhule njani itrafikhi ukusukela oko yasungulwa.
Ndinokubeka iliso kakuhle kwindawo yam, kwaye ndifumana iSMS malunga nokusilela konke. Ukubeka iliso kubonisa ukuba ukusilela kwenzeke ukususela ngo-13:03:07 ukuya ku-14:04:12. Uvavanyo lwenziwa rhoqo ngemizuzu emihlanu.
Ndiqinisekile ukuba uyakuyiqonda. Ngaba uqinisekile ukuba awumdingi umntu wakho eYurophu? π
Uye waphendula wathi:
Ivela: Matthew Prince
Umhla: Okthobha 7, 2010, 9:57
Isihloko: Re: Iphi iDNS yam?
Iya ku: John Graham-CummingEnkosi. Saphendula wonke umntu obhalayo. Ndisendleleni eya eofisini ngoku kwaye siza kubhala into kwibhlog okanye siqhoboshele iposti esemthethweni kwibhodi yethu yebhulethi. Ndivuma ngokupheleleyo, ukunyaniseka yinto yonke.
Ngoku i-Cloudflare yinkampani enkulu ngokwenene, ndiyisebenzela, kwaye ngoku kufuneka ndibhale ngokukhululekileyo malunga nephutha lethu, iziphumo zayo kunye nezenzo zethu.
Iziganeko ze-2 kaJulayi
Nge-2 kaJulayi siye sakhupha umgaqo omtsha kwiMithetho eLawulwayo yee-WAFs ngenxa yokuba kuyo yonke iprosesa ephambili yokusetyenzwa kweHTTP/HTTPS kwinethiwekhi yeCloudflare kwihlabathi liphela. Sihlala siphucula imithetho elawulwayo yee-WAFs ukuphendula kubuthathaka obutsha kunye nezoyikiso. NgoMeyi, umzekelo, sakhawuleza ukukhusela kumngcipheko omkhulu kwiSharePoint. Inqaku elipheleleyo le-WAF yethu kukukwazi ukukhawuleza kunye nemithetho yehlabathi jikelele.
Ngelishwa, uhlaziyo lwangoLwesine odlulileyo luqulathe intetho eqhelekileyo echithe kakhulu izixhobo ze-CPU ze-HTTP/HTTPS ekubuyiseleni umva. Ummeli wethu oyintloko, i-CDN, kunye nemisebenzi ye-WAF ihlupheke ngenxa yoko. Igrafu ibonisa ukuba izixhobo zeprosesa zokusebenzela i-HTTP/HTTPS yetrafikhi ifikelela phantse kwi-100% kwiiseva kwinethiwekhi yethu.
Ukusetyenziswa kwe-CPU kwindawo enye yobukho ngexesha lesiganeko
Ngenxa yoko, abathengi bethu (kunye nabathengi bethu) baphela ngephepha lephutha le-502 kwi-Cloudflare domains. Iimpazamo ze-502 ziveliswe ngamaseva ewebhu e-Cloudflare angaphambili abesenayo ii-cores zamahhala kodwa azikwazanga ukunxibelelana neenkqubo zokuphatha i-HTTP/HTTPS traffic.
Siyazi ukuba kungakanani ukuphazamiseka okubangele abathengi bethu. Sineentloni kakhulu. Kwaye oku kusilela kusithintele ekubeni sijongane ngokufanelekileyo nesi sehlo.
Ukuba ubungomnye waba bathengi, mhlawumbi ubusoyika, unomsindo kwaye ukhathazekile. Ngaphezu koko, asizange sibe nayo . Ukusetyenziswa okuphezulu kwe-CPU kubangelwe ngumthetho omnye we-WAF onegama elibi elibi elithe lakhokelela ekubuyiseleni umva ngokugqithisileyo. Nantsi intetho enetyala: (?:(?:"|'|]|}||d|(?:nan|infinity|true|false|null|undefined|symbol|math)|`|-|+)+[)]*;?((?:s|-|~|!|{}||||+)*.*(?:.*=.*)))
Ngelixa oku kunomdla ngokwalo (kwaye ndiza kuthetha ngayo ngeenkcukacha ezithe kratya ngezantsi), inkonzo ye-Cloudflare yayiphantsi kwemizuzu engama-27 kungekuphela nje ngenxa yokubonakaliswa kakubi rhoqo. Kwasithatha ixesha ukuchaza ukulandelelana kweziganeko ezikhokelele ekusileleni, ngoko ke sacotha ukuphendula. Ekupheleni kweposi, ndiza kuchaza ukubuyisela umva kwintetho eqhelekileyo kwaye ndikuxelele ukuba wenze ntoni ngayo.
Kwenzeke ntoni
Masiqale ngokulandelelana. Onke amaxesha apha e-UTC.
Ngo-13:42 p.m., injineli kwiqela le-firewall lenze utshintsho oluncinane kwimithetho yokubhaqa. usebenzisa inkqubo ezenzekelayo. Ngokufanelekileyo, itikiti lesicelo sokutshintsha lenziwe. Silawula amatikiti anjalo ngeJira (isikrini esingezantsi).
Emva kwemizuzu emi-3, kwavela iphepha lokuqala lePagerDuty, lixela ingxaki nge-WAF. Olu yayiluvavanyo olwenziweyo oluvavanya ukusebenza kwee-WAF (sinamakhulu kubo) ngaphandle kwe-Cloudflare ukujonga ukusebenza okuqhelekileyo. Oku kwalandelwa ngokukhawuleza ngamaphepha ezilumkiso malunga nezinye iimvavanyo zenkonzo zokuphela kwe-Cloudflare ezisilelayo, imiba yendlela yehlabathi jikelele, iimpazamo ezixhaphakileyo ze-502, kunye neetoni zeengxelo ezivela kwiiNdawo zethu zoBukho (PoP) kwizixeko zehlabathi ezibhekiselele ukungabikho kwezixhobo ze-CPU.
Ndifumene uninzi lwezi zilumkiso, ndiphume ngaphandle kwentlanganiso, kwaye bendisendleleni eya etafileni xa intloko yesebe lethu lophuhliso lwezisombululo yathi siphulukene ne-80% yezithuthi zethu. Ndabalekela kwiinjineli zethu ze-SRE, ezazisele zisebenza kule ngxaki. Ekuqaleni sasicinga ukuba luhlobo oluthile lohlaselo olungaziwayo.
Iinjineli ze-Cloudflare SRE zisasazeke kwihlabathi liphela kwaye zibeke iliso kwimeko yonke imini. Ngokwesiqhelo, ezi zilumkiso zikwazisa ngemiba ethile yendawo yomda olinganiselweyo, zilandelelwa kwiideshibhodi zangaphakathi, kwaye zisonjululwa kaninzi ngemini. Kodwa la maphepha kunye nezaziso zibonise into enzulu ngokwenene, kwaye iinjineli ze-SRE zakhawuleza zabhengeza inqanaba lobunzima P0 kwaye zaqhagamshelana nolawulo kunye neenjineli zenkqubo.
Oononjineli bethu baseLondon babephulaphule intetho kwiholo enkulu ngelo xesha. Intetho kwafuneka iphazamiseke, wonke umntu wahlanganisana kwigumbi elikhulu leenkomfa, kwaza kwabizwa iingcali ezingakumbi. Le yayingeyongxaki eqhelekileyo ukuba ii-SREs zinokujongana nazo ngokwazo. Kwakungxamisekile ukubandakanya iingcali ezifanelekileyo.
Ngo-14:00 sinqume ukuba ingxaki ikwi-WAF kwaye akukho kuhlaselwa. Iqela lentsebenzo lakhupha idatha ye-CPU kwaye kwacaca ukuba i-WAF yayinetyala. Omnye umqeshwa uqinisekisile le nkcazo ngokusebenzisa umtya. Omnye umntu wabona kwii-logs ukuba kukho ingxaki nge-WAF. Nge-14: 02 p.m., iqela lonke leza kum xa kwakucetywa ukuba kusetyenziswe ukubulala kwehlabathi, indlela eyakhelwe kwi-Cloudflare evala icandelo elinye kwihlabathi liphela.
Indlela esibulele ngayo i-WAF libali elahlukileyo. Akulula ngolo hlobo. Sisebenzisa iimveliso zethu, kwaye ukususela kwinkonzo yethu ayisebenzanga, asikwazanga ukunyanisekisa kwaye singene kwiphaneli yolawulo yangaphakathi (xa yonke into yalungiswa, safunda ukuba amanye amalungu eqela aphulukene nofikelelo ngenxa yenqaku lokhuseleko elikhubaza iziqinisekiso ukuba iphaneli yolawulo yangaphakathi ayisetyenziswanga ixesha elide).
Kwaye asikwazanga ukufikelela kwiinkonzo zethu zangaphakathi, njengeJira okanye inkqubo yokwakha. Besifuna indlela yokulungisa, ebesiyisebenzisi rhoqo (oku kuya kufuneka ukuba kusetyenzwe). Ekugqibeleni, enye injineli yakwazi ukukhubaza i-WAF ngo-14: 07, kwaye ngo-14: 09, amanqanaba e-traffic kunye ne-CPU abuyele kwisiqhelo kuyo yonke indawo. Ezinye iindlela zokukhusela ze-Cloudflare zisebenze njengesiqhelo.
Emva koko silungiselela ukubuyisela i-WAF. Imeko yayingaphandle kwesiqhelo, ngoko ke saqhuba iimvavanyo ezingalunganga (sizibuza ukuba ngaba utshintsho luyingxaki ngokwenene) kunye neemvavanyo ezintle (ukuqinisekisa ukuba i-rollback isebenze) kwisixeko esinye usebenzisa i-traffic eyahlukileyo, ukudlulisela abathengi abahlawulayo ukusuka apho.
Nge-14: 52 sasiqinisekile ukuba siyasiqonda isizathu kwaye senza ulungiso, kwaye senza i-WAF kwakhona.
Isebenza njani i-Cloudflare
I-Cloudflare ineqela leenjineli ezizinikele ekulawuleni imithetho ye-WAFs. Bazama ukuphucula amazinga okubona, ukunciphisa iimpawu zobuxoki, kwaye baphendule ngokukhawuleza kwiisongelo ezintsha njengoko zivela. Kwiintsuku ezingama-60 ezidlulileyo, kuye kwakho izicelo zotshintsho ezingama-476 eziqhutywe kwimigaqo elawulwayo ye-WAF (umyinge omnye rhoqo kwiiyure ezi-3).
Olu tshintsho oluthile lufunekayo ukuba lusetyenziswe kwimodi yokulinganisa, apho i-traffic yomthengi wangempela idlula kumgaqo, kodwa akukho nto ivaliwe. Sisebenzisa le modi ukuvavanya ukusebenza kwemigaqo kunye nokulinganisa ubuxoki obulungileyo kunye namazinga angalunganga. Kodwa nakwimowudi yokulinganisa, imigaqo kufuneka iphunyezwe, kwaye kulo mzekelo umgaqo uqulathe intetho eqhelekileyo eyayisebenzisa izixhobo zokusebenza ezininzi kakhulu.
Njengoko unokubona kwisicelo sotshintsho esingentla, sinesicwangciso sokuthunyelwa, isicwangciso sokubuyisela umva, kunye nekhonkco kwinkqubo yokusebenza esemgangathweni yangaphakathi (SOP) yolu hlobo lokuthunyelwa. I-SOP yokutshintsha umthetho ivumela ukuba ipapashwe kwihlabathi jikelele. Ngokwenyani, e-Cloudflare, izinto zenziwa ngokwahlukileyo ngokupheleleyo, kwaye i-SOP iyalela ukuba siqale sithumele isoftware yovavanyo kunye nokusetyenziswa kwangaphakathi kwindawo yangaphakathi yobukho (i-PoP) (esetyenziswa ngabasebenzi bethu), emva koko kwinani elincinci labathengi. indawo ekwanti, emva koko ukuya kwinani elikhulu labathengi, kwaye emva koko kwihlabathi liphela.
Oku kubonakala ngathi. Sisebenzisa i-git ngaphakathi nge-BitBucket. Iinjineli ezisebenza kwiinguqu zingenisa ikhowudi, eyakhiwe kwi-TeamCity, kwaye xa ukwakhiwa kudlula, ababuyekezi babelwa. Emva kokuba isicelo sokutsalwa sivunyiwe, ikhowudi ihlanganiswe kwaye uluhlu lweemvavanyo luqhutywe (kwakhona).
Ukuba ulwakhiwo kunye neemvavanyo zigqiba ngempumelelo, isicelo sotshintsho senziwe kwiJira kwaye umphathi ofanelekileyo okanye ukhokelo kufuneka avume utshintsho. Emva kokuvunywa, ukusasazwa kwenzeka kwinto ebizwa ngokuba yi βPoP menagerieβ: INJA, iPIG kunye (inja, ihagu kunye necanary).
I-DOG PoP yi-Cloudflare PoP (njengazo zonke ezinye izixeko zethu) esetyenziswa kuphela ngabasebenzi be-Cloudflare. I-PoP yokusetyenziswa kwangaphakathi ikuvumela ukuba ubambe iingxaki ngaphambi kokuba i-traffic yabathengi iqale ukugeleza kwisisombululo. Into eluncedo.
Ukuba uvavanyo lwe-DOG luphumelele, ikhowudi ihambela kwinqanaba le-PIG (guinea pig). Le yi-Cloudflare PoP, apho inani elincinci lokuhamba kwabathengi bamahhala lihamba ngekhowudi entsha.
Ukuba konke kulungile, ikhowudi iya eCanary. SineCanary PoPs ezintathu kwiindawo ezahlukeneyo zehlabathi. Kuzo, i-traffic yabathengi abahlawulwayo kunye nabakhululekile badlula ikhowudi entsha, kwaye oku kukuphela kokukhangela iimpazamo.
Inkqubo yokukhutshwa kweSoftware kwi-Cloudflare
Ukuba ikhowudi ilungile eCanary, siyayikhulula. Ukuhamba kuzo zonke izigaba - I-DOG, i-PIG, i-Canary, ihlabathi lonke - kuthatha iiyure eziliqela okanye iintsuku, kuxhomekeke kwinguqu yekhowudi. Ngenxa yeyantlukwano yenethiwekhi ye-Cloudflare kunye nabathengi, sivavanya ikhowudi ngaphambi kokuba siyikhulule kwihlabathi liphela kubo bonke abathengi. Kodwa i-WAF ayilandeli ngokuthe ngqo le nkqubo kuba izoyikiso kufuneka ziphendulwe ngokukhawuleza.
Izisongelo ze-WAF
Kule minyaka imbalwa idlulileyo, kuye kwakho ukwanda okubonakalayo kwezoyikiso kwizicelo eziqhelekileyo. Oku kungenxa yokufumaneka okukhulu kwezixhobo zokuvavanya isoftware. Umzekelo, sisanda kubhala malunga ).
umthombo:
Rhoqo, ubungqina bengcinga buyenziwa kwaye bupapashwe ngokukhawuleza kwi-Github ukuze amaqela agcina isicelo anokusivavanya ngokukhawuleza kwaye aqinisekise ukuba sikhuselekile ngokwaneleyo. Ke ngoko, i-Cloudflare idinga amandla okuphendula kuhlaselo olutsha ngokukhawuleza ukuze abathengi bafumane ithuba lokulungisa isoftware yabo.
Umzekelo omkhulu wempendulo ekhawulezayo ye-Cloudflare kukuthunyelwa kwe-SharePoint yokukhusela umngcipheko ngoMeyi (). Phantse ngokukhawuleza emva kokwenziwa kwezibhengezo, saqaphela inani elikhulu leenzame zokusebenzisa ukuba sesichengeni kufakelo lweSharePoint yabathengi bethu. Abafana bethu bahlala bebeka esweni izisongelo ezintsha kunye nemithetho yokubhala ukukhusela abathengi bethu.
Umgaqo obangele ingxaki ngoLwesine bekufanele ukhusele ekubhalweni kwe-cross-site scripting (XSS). Olo hlaselo luye lwaxhaphaka ngakumbi kwiminyaka yakutshanje.
umthombo:
Inkqubo esemgangathweni yokutshintsha umgaqo olawulwayo we-WAF kukuqhuba uvavanyo oluqhubekayo lokudibanisa (CI) ngaphambi kokuthunyelwa kwehlabathi. NgoLwesine weveki ephelileyo siye sayenza le nto saza sakhupha imithetho. Nge-13:31 p.m., injineli yafaka isicelo sokutsalwa esivunyiweyo kunye notshintsho.
Ngo-13:37 iTeamCity iqokelele imigaqo, yaqhuba iimvavanyo kwaye yanika imvume yokuya phambili. Uvavanyo lwe-WAF luvavanya umsebenzi ongundoqo we-WAF kwaye lubandakanya inani elikhulu lovavanyo lweeyunithi kwimisebenzi yomntu ngamnye. Emva kovavanyo lweyunithi, sivavanye imithetho ye-WAF sisebenzisa inani elikhulu lezicelo ze-HTTP. Izicelo ze-HTTP zihlola ukuba zeziphi izicelo ezimele zivaliwe yi-WAF (ukuthintela ukuhlaselwa) kwaye inokuvunyelwa khona (ukuze ungavimbeli yonke into kwaye ugweme ubuxoki). Kodwa asizange sivavanye ukusetyenziswa kwe-CPU ngokugqithiseleyo, kwaye ukuphonononga iilogi ze-WAF zangaphambili zakha kubonisa ukuba ixesha lokuvavanya umgaqo alizange linyuke, kwaye kwakunzima ukukrokrela ukuba akukho zixhobo zaneleyo.
Iimvavanyo zidlulile kwaye iTeamCity yaqala ukuthumela ngokuzenzekelayo utshintsho kwi-13: 42 p.m.
Quicksilver
Imithetho ye-WAF igxile kulungiso olukhawulezileyo lwesisoyikiso, ngoko ke siyithumela sisebenzisa ivenkile ye-Quicksilver esasaziweyo ye-key-value, esasaza utshintsho kwihlabathi jikelele ngemizuzwana. Bonke abathengi bethu basebenzisa le teknoloji xa betshintsha ukucwangciswa kwideshibhodi okanye nge-API, kwaye siyabulela ukuba siphendula utshintsho ngesantya sombane.
Khange sithethe kakhulu nge-Quicksilver. Ngaphambili sasisebenzisa njengevenkile yexabiso elingundoqo elisasazwe kwihlabathi jikelele, kodwa bekukho iingxaki zokusebenza kuyo, kwaye sabhala ivenkile yethu, ephindwe kwizixeko ezingaphezu kwe-180. Ngoku sisebenzisa i-Quicksilver ukutyhala utshintsho lolungelelwaniso kubathengi, ukuhlaziya imithetho ye-WAF, kwaye sisasaze ikhowudi yeJavaScript ebhalwe ngabathengi kubasebenzi be-Cloudflare.
Kuthatha nje imizuzwana embalwa ukucofa iqhosha kwideshibhodi okanye ukufowunela i-API ukwenza utshintsho loqwalaselo kwihlabathi liphela. Abathengi bathande esi santya sokuseta. Kwaye Abasebenzi babanika phantse kwangoko ukusasazwa kwesoftware yehlabathi. Ngokomyinge, i-Quicksilver isasaza malunga neenguqu ze-350 ngomzuzwana.
Kwaye i-Quicksilver ikhawuleza kakhulu. Ngokomndilili, sifezekise ipesenti ezingama-99 zemizuzwana eyi-2,29 ukusasaza utshintsho kwikhompyuter nganye kwihlabathi liphela. Isantya sihlala siyinto elungileyo. Emva kwayo yonke loo nto, xa uvumela umsebenzi okanye ucoca i-cache, yenzeka ngoko nangoko kwaye kuyo yonke indawo. Ukuthumela ikhowudi nge-Cloudflare Workers kwenzeka ngesantya esifanayo. I-Cloudflare ithembisa abathengi bayo uhlaziyo olukhawulezayo ngexesha elifanelekileyo.
Kodwa kule meko, isantya sadlala ihlaya elikhohlakeleyo kuthi, kwaye imithetho yatshintsha yonke indawo kwimizuzwana. Usenokuba uqaphele ukuba ikhowudi ye-WAF isebenzisa uLua. I-Cloudflare isebenzisa i-Lua ngokubanzi kwimveliso kunye neenkcukacha sikho . Lua WAF isebenzisa ngaphakathi kwaye ifaka umva ukuhambelana. Ayinazo iindlela zokukhusela iintetho eziphuma kulawulo. Ngezantsi ndiza kuthetha ngakumbi ngale nto kunye nento esiyenzayo ngayo.
Ngaphambi kokuba imigaqo isetyenziswe, yonke into yayihamba kakuhle: isicelo sokutsala sadalwa kwaye savunywa, umbhobho weCI / CD waqokelela kwaye wavavanya ikhowudi, isicelo sokutshintsha sifakwe ngokwe-SOP elawula ukuthunyelwa kunye nokubuyisela umva, kwaye ukuthunyelwa kwagqitywa.
Cloudflare WAF Deployment Process
Into ayihamba kakuhle
Njengoko benditshilo, sihambisa uninzi lwemithetho emitsha ye-WAF veki nganye, kwaye sineenkqubo ezininzi zokukhusela ngokuchasene neziphumo ezibi zokusasazwa okunjalo. Kwaye xa kukho into engahambi kakuhle, idla ngokuba yindibaniselwano yeemeko ezininzi. Ukuba ufumana isizathu esinye, oku, ngokuqinisekileyo, kuyaqinisekisa, kodwa akusoloko kuyinyani. Ezi zizathu eziye zakhokelela ekungaphumelelini kwenkonzo yethu ye-HTTP/HTTPS.
- Injineli yabhala ibinzana eliqhelekileyo elinokukhokelela ekugqithiseni .
- Isici esinokuthi sithintele ukubonakaliswa okuqhelekileyo ekuchitheni i-CPU eninzi yasuswa ngempazamo ekuhlaziyweni kwakhona kwe-WAF kwiiveki ezimbalwa ngaphambili-ukulungiswa kwakhona kwakudingeka ukwenza i-WAF idle izixhobo ezincinci.
- I-injini yokubonisa rhoqo yayingenazo iziqinisekiso ezinzima.
- I-suite yovavanyo ayikwazanga ukubona ukusetyenziswa okugqithisileyo kwe-CPU.
- I-SOP ivumela utshintsho lwemithetho engangxamisekanga ukuba ikhutshwe kwihlabathi jikelele ngaphandle kwenkqubo yamanyathelo amaninzi.
- Isicwangciso sokubuyisela umva sifuna ukuqhuba ukwakhiwa kwe-WAF epheleleyo kabini, okuthathe ixesha elide.
- Isilumkiso sokuqala malunga neengxaki zetrafikhi zehlabathi zibangelwe kade kakhulu.
- Sithathe ixesha ukuhlaziya iphepha lesimo.
- Siye saba neengxaki zokufikelela kwiinkqubo ngenxa yokusilela kwaye inkqubo yokudlula ayizange imiselwe kakuhle.
- Iinjineli ze-SRE zaphulukana nokufikelela kwezinye iinkqubo ngenxa yokuba iziqinisekiso zabo ziphelelwe lixesha ngenxa yezizathu zokhuseleko.
- Abathengi bethu abakwazanga ukufikelela kwideshibhodi ye-Cloudflare okanye i-API kuba bahamba kwindawo ye-Cloudflare.
Yintoni etshintshileyo ukusukela ngoLwesine ophelileyo
Okokuqala, siwuyeke ngokupheleleyo wonke umsebenzi wokukhutshwa kwe-WAF kwaye senza oku kulandelayo:
- Sibuyisela kwakhona i-CPU yokukhusela ngokugqithisileyo esiyisusileyo. (Kulungile)
- Ukujonga ngesandla yonke imithetho ye-3868 kwimigaqo elawulwayo ye-WAF ukufumana kunye nokulungisa ezinye iimeko ezinokubakho zokubuyela umva ngokugqithisileyo. (Ukuqinisekiswa kugqityiwe)
- Sibandakanya iprofayili yokusebenza kuyo yonke imithetho kwisethi yovavanyo. (Kulindeleke: Julayi 19)
- Ukutshintshela kwi-injini yokubonakalisa rhoqo okanye - zombini zibonelela ngeziqinisekiso zexesha lokusebenza. (Kulindeleke: Julayi 31)
- Sibhala kwakhona i-SOP ukuhambisa imithetho ngezigaba, njengenye isoftware kwi-Cloudflare, kodwa kwangaxeshanye sinamandla okusasazwa kwehlabathi jikelele ukuba uhlaselo sele luqalisile.
- Siphuhlisa ukukwazi ukususa ngokukhawuleza ideshibhodi ye-Cloudflare kunye ne-API kwingingqi ye-Cloudflare.
- Ukuzenzekela uhlaziyo lwephepha .
Ixesha elide sihamba kude neLua WAF endiyibhale kwiminyaka embalwa edlulileyo. Ukuhambisa WAF ukuya . Ngale ndlela i-WAF iya kukhawuleza kwaye ifumane inqanaba elongezelelweyo lokukhusela.
isiphelo
Oku kusilela kubangele ingxaki kuthi nakubathengi bethu. Senze ngokukhawuleza ukulungisa imeko kwaye ngoku sisebenzela iziphene kwiinkqubo ezibangele ukuphahlazeka, kunye nokugrumba nzulu ngakumbi ukugada iingxaki ezinokubakho kunye nokubonakaliswa rhoqo kwixesha elizayo xa ufudukela kwiteknoloji entsha.
Sinentloni kakhulu ngoku kucinywa kwaye siyaxolisa kubathengi bethu. Siyathemba ukuba olu tshintsho luya kuqinisekisa ukuba into efana nale ayiphindi yenzeke.
Isicelo. Ukubuyisela umva intetho eqhelekileyo
Ukuqonda indlela eli binzana:
(?:(?:"|'|]|}||d
(?:nan|infinity|true|false|null|undefined|symbol|math)|`|-
|+)+[)]*;?((?:s|-|~|!|{}||||+)*.*(?:.*=.*)))watya zonke izixhobo ze-CPU, kufuneka wazi kancinci malunga nendlela esebenza ngayo i-injini eqhelekileyo yokubonisa. Ingxaki apha yipatheni .*(?:.*=.*). (?: kunye nokuhambelana ) liqela elingabambisi (oko kukuthi, intetho ekwizibiyeli idityaniswe njengentetho enye).
Kumxholo wokusetyenziswa okugqithisileyo kwe-CPU, le pateni inokuchazwa njenge .*.*=.*. Kule fomu, ipateni ibonakala inzima ngokungeyomfuneko. Kodwa okona kubaluleke kakhulu, kwihlabathi lokwenyani, amabinzana (njengamabinzana antsokothileyo kwimithetho ye-WAF) acela i-injini ukuba ifanise iqhekeza elilandelwa sesinye isiqwenga kunokukhokelela kumqolo oyintlekele. Yiyo loo nto.
Ngokubonakalisa rhoqo . kuthetha ukuba kufuneka ufanise umlinganiswa omnye, .* - Tshatisa i-zero okanye ngaphezulu abalinganiswa "ngokunyoluka", oko kukuthi, ukubamba uninzi lwabalinganiswa, ukuze .*.*=.* kuthetha ukuthelekisa u-ziro okanye abalinganiswa abaninzi, uze utshatise onguziro okanye ngaphezulu, fumana i-liter = unobumba, thelekisa unothi okanye ngaphezulu.
Masithathe umgca wovavanyo x=x. Ihambelana nentetho .*.*=.*. .*.* phambi kokuba uphawu olulinganayo lufane nelokuqala x (enye yamaqela .* ΡΠΎΠΎΡΠ²Π΅ΡΡΡΠ²ΡΠ΅Ρ x, kunye neyesibini - zero abalinganiswa). .* emva = imidlalo yokugqibela x.
Olu thelekiso lufuna amanyathelo angama-23. Iqela lokuqala .* Π² .*.*=.* yenza ngokunyoluka kwaye ihambelana nomtya wonke x=x. Injini iya kwiqela elilandelayo .*. Asisenabo abanye abalinganiswa esizakuhambelana nabo, ngoko ke iqela lesibini .* ihambelana namagama angu-zero (oku kuvumelekile). Emva koko injini iya kuphawu =. Azisekho iisimboli (iqela lokuqala .* wasebenzisa yonke intetho x=x), akukho luthelekiso lwenzekayo.
Kwaye ke injini yokubonakalisa eqhelekileyo ibuyela ekuqaleni. Uqhubela phambili kwiqela lokuqala .* kwaye uyayithelekisa Ρ x= (endaweni yokuba x=x), kwaye emva koko ithatha iqela lesibini .*. Iqela lesibini .* ithelekiswa neyesibini x, kwaye kwakhona asinabo abalinganiswa abaseleyo. Kwaye xa injini ifika kwakhona = Π² .*.*=.*, akukho nto isebenzayo. Uye wabuya umva kwakhona.
Ngeli xesha iqela .* isahambelana x=, kodwa iqela lesibini .* hayi kwakhona x, kunye neempawu zero. Injini izama ukufumana umlinganiswa wokoqobo = kwipatheni .*.*=.*, kodwa ayiphumi (emva koko, iqela lokuqala sele liyithathile .*). Uye wabuya umva kwakhona.
Ngeli xesha iqela lokuqala .* ithatha kuphela elokuqala x. Kodwa iqela lesibini .* "ngokubawa" uyabamba =x. Ngaba sele uqikelele ukuba kuya kwenzeka ntoni? Injini izama ukungqamanisa nokoqobo =, iyasilela kwaye yenza enye umva.
Iqela lokuqala .* isahambelana neyokuqala x. Isibini .* kuthatha kuphela =. Kakade ke, i-injini ayikwazi ukufana neyoqobo =, kuba iqela lesibini sele likwenzile oku .*. Kwaye kwakhona umva. Kwaye sizama ukutshatisa umtya wabalinganiswa abathathu!
Ngenxa yoko, iqela lokuqala .* ihambelana neyokuqala kuphela x, Isibini .* - kunye nabalinganiswa bero, kwaye injini ekugqibeleni ihambelana neyoqobo = kwintetho Ρ = nomgca. Okulandelayo liqela lokugqibela .* ithelekiswa neyokugqibela x.
amanyathelo angama-23 kuphela x=x. Bukela ividiyo emfutshane malunga nokusebenzisa iPerl , ebonisa ukuba amanyathelo kunye nokubuyisela umva kwenzeka njani.
Lo sele umkhulu umsebenzi, kodwa kuthekani ukuba endaweni yoko x=x siya kuba nayo x=xx? Ngamanyathelo angama-33. Kwaye ukuba x=xxx? 45. Ulwalamano alukho mgca. Igrafu ibonisa uthelekiso ukusuka x=x Π΄ΠΎ x=xxxxxxxxxxxxxxxxxxxx (20 x ΠΏΠΎΡΠ»Π΅ =). Ukuba sino 20 x emva =, i-injini igqibezela ukuhambelana ngamanyathelo angama-555! (Ngaphezu koko, ukuba silahlekile x= kwaye umtya uquka nje ama-20 x, injini iya kuthatha amanyathelo angama-4067 ukuqonda ukuba akukho midlalo).
Le vidiyo ibonisa konke umva ukuthelekisa x=xxxxxxxxxxxxxxxxxxxx:
Inkathazo kukuba njengoko ubungakanani bentambo bukhula, ixesha lokudibanisa likhula ngokugqithisileyo. Kodwa izinto zinokuba mbi ngakumbi ukuba intetho eqhelekileyo iguqulwe kancinane. Masithi besinayo .*.*=.*; (oko kukuthi, bekukho isemicolon yokoqobo ekupheleni kwepateni). Umzekelo, ukutshatisa intetho efana foo=bar;.
Kwaye apha ukubuyisela umva kuya kuba yintlekele yokwenene. Ukuthelekisa x=x iya kuthabatha amanyathelo angama-90, hayi ama-23. Yaye elo nani likhula ngokukhawuleza. Ukuthelekisa x= kunye ne-20 x, kufuneka amanyathelo angama-5353. Nantsi itshathi. Jonga amaxabiso e-axis Y xa kuthelekiswa netshathi yangaphambili.
Ukuba unomdla, jonga onke ama-5353 awaphumelelanga amanyathelo ahambelanayo x=xxxxxxxxxxxxxxxxxxxx ΠΈ .*.*=.*;
Ngokusebenzisa ukonqena kunokubawa ukuthelekisana, ubungakanani bokubuyela umva bunokulawulwa. Ukuba sitshintsha imbonakalo yoqobo ibe .*?.*?=.*?, ukuthelekisa x=x iyakuthatha amanyathelo ali-11 (hayi 23). Ngoko x=xxxxxxxxxxxxxxxxxxxx. Konke ngenxa ? ΠΏΠΎΡΠ»Π΅ .* ixelela i-injini ukuba itshatise ubuncinci benani labalinganiswa phambi kokuba iqhubele phambili.
Kodwa i-mappings eyonqenayo ayizisombululi ngokupheleleyo ingxaki yokubuyela umva. Ukuba sithatha indawo yomzekelo oyintlekele .*.*=.*; phezu .*?.*?=.*?;, ixesha lokwenziwa liya kuhlala lifana. x=x isafuna amanyathelo angama-555, kwaye x= kunye ne-20 x - 5353.
Inye kuphela into enokwenziwa (ngaphandle kokuphinda ubhale ngokupheleleyo ipateni yengcaciso enkulu) kukushiya i-injini yokubonisa eqhelekileyo kunye nendlela yayo yokubuyisela umva. Yile nto siza kube siyenza kwezi veki zimbalwa zizayo.
Isisombululo sale ngxaki saziwa ukususela ngo-1968, xa uKent Thompson wabhala inqaku ("Iindlela zokuCwangcisa: I-algorithm yokukhangela inkcazo rhoqo"). Inqaku lichaza indlela ekuvumela ukuba uguqule intetho eqhelekileyo ibe nguomatshini belizwe abangagqibekanga, kwaye emva kokutshintsha kwemeko koomatshini belizwe abangagqibekanga, sebenzisa i-algorithm ixesha layo lokuphumeza lixhomekeke ngokuhambelana nomtya ohambelanayo.
Iindlela zokucwangcisa
I-Algorithm yoPhando lweNgcaciso rhoqo
Ken Thompson
Bell Telephone Laboratories, Inc., Murray Hill, New JerseyIchaza indlela yokukhangela umtya othile wabalinganiswa kwisicatshulwa kwaye ixoxe ngokuphunyezwa kwale ndlela kwifom yomqambi. Umqambi uthatha ukubonakaliswa okuqhelekileyo njengekhowudi yomthombo kwaye uvelise inkqubo ye-IBM 7094 njengekhowudi yento. Inkqubo yenjongo ithatha igalelo ngohlobo lophendlo olubhaliweyo kwaye ikhupha isignali ngexesha ngalinye umtya wokubhaliweyo udityaniswa ngokuchasene nentetho eqhelekileyo enikiweyo. Eli nqaku linika imizekelo, iingxaki kunye nezisombululo.
I-algorithm
Uphendlo lwangaphambili lwealgorithms lubangele umva ukuba ukhangelo oluphumeleleyo olungaphelelanga aluphumelelanga ukuvelisa isiphumo.Kwimo yokudibanisa, i-algorithm ayisebenzi ngeempawu. Igqithisa imiyalelo kwikhowudi ehlanganisiweyo. Ukuphunyezwa kukhawuleza kakhulu - emva kokudlulisa idatha phezulu kuluhlu lwangoku, ikhangela ngokuzenzekelayo bonke abalinganiswa abalandelelanayo abanokwenzeka kwintetho eqhelekileyo.
Ukuqulunqwa kunye ne-algorithm yokukhangela ibandakanyiwe kumhleli wombhalo wokwabelana ngexesha njengokukhangela kwimeko. Ngokuqinisekileyo, oku kukude nesicelo kuphela senkqubo yokukhangela enjalo. Umzekelo, ukwahluka kwale algorithm isetyenziswa njengokukhangela isimboli kwitafile kwi assembler.
Kucingelwa ukuba umfundi uqhelene namabinzana aqhelekileyo kunye ne-IBM 7094 yolwimi lweprogram yekhompyutha.Umqokeleli
Umqokeleli unezigaba ezithathu ezisebenza ngokuhambelanayo. Inqanaba lokuqala kuhluzo lwesivakalisi, esivumela kuphela iintetho eziqhelekileyo ezichanekileyo ukuba zidlule. Eli nyathelo likwafaka "Β·" umsebenzisi ukutshatisa amabinzana aqhelekileyo. Kwinqanaba lesibini, intetho eqhelekileyo iguqulelwa kwifom ye-postfix. Kwinqanaba lesithathu, ikhowudi yento yenziwe. Izigaba ezi-2 zokuqala zicacile, kwaye asiyi kuhlala kuzo.
Inqaku likaThompson alithethi malunga noomatshini belizwe abangaqinisekanga, kodwa lichaza i-algorithm yexesha lomgca kakuhle kwaye libonisa inkqubo ye-ALGOL-60 eyenza ikhowudi yolwimi yendibano ye-IBM 7094. Ukuphunyezwa kubuqili, kodwa ingcamango ilula kakhulu.
indlela yokukhangela yangoku. Imelwe ngu β icon ngegalelo elinye kunye neziphumo ezimbini.
Umzobo 1 ubonisa imisebenzi yenyathelo lesithathu lokudibanisa xa uguqula umzekelo oqhelekileyo wokubonisa. Abathathu bokuqala abalinganiswa kumzekelo a, b, c, kwaye nganye yenza ungeniso lwestack S[i] kunye nomhlaba we-NNODE.I-NNODE kwikhowudi esele ikhona ukuvelisa isiphumo esiqhelekileyo sokuchazwa kwi-stack eyodwa yokungena (jonga uMfanekiso 5)
Le yindlela imbonakalo eqhelekileyo enokuthi ijongeke ngayo .*.*=.*, ukuba ucinga ngathi kwimifanekiso evela kwinqaku likaThompson.
KwiFig. U-0 kukho imijikelo emihlanu eqala ku-0, kunye nemijikelo emi-3 eqala ku-1, 2 kunye no-3. .* kwintetho eqhelekileyo. Ii-oval ezi-3 ezinamachaphaza zihambelana nesimboli enye. I-oval enophawu = ihambelana nomlinganiswa wokoqobo =. Ilizwe lesi-4 lelokugqibela. Ukuba sifikelela kuyo, ke intetho eqhelekileyo ihambelana.
Ukubona ukuba umzobo wemeko onje ungasetyenziswa njani ukuthelekisa imbonakalo eqhelekileyo .*.*=.*, siza kujonga ukuhambelana komtya x=x. Inkqubo iqala kurhulumente 0, njengoko kubonisiwe kwiFig. 1.
Ukuze le algorithm isebenze, umatshini karhulumente kufuneka ube kumazwe amaninzi ngaxeshanye. Umatshini ongenasiphelo ongenakunqunyulwa uya kwenza zonke iinguqu ezinokwenzeka ngaxeshanye.
Ngaphambi kokuba ibe nexesha lokufunda idatha yegalelo, iya kuzo zombini iindawo zokuqala (1 kunye ne-2), njengoko kubonisiwe kwi-Fig. 2.
KwiFig. U-2 ubonisa okwenzekayo xa ejonga kweyokuqala x Π² x=x. x ingenza imephu ukuya kwindawo ephezulu, ukusuka kwimeko 1 kwaye umva ukuya kwimeko 1. Okanye x ingenza imephu ukuya kwindawo engezantsi, ukusuka kwimeko yesi-2 kwaye ubuyele kwisi-2.
Emva kokudibana neyokuqala x Π² x=x sisekwinqanaba loku-1 kunye no-2. Asikwazi ukufikelela kwinqanaba lesi-3 okanye lesi-4 kuba sifuna umlinganiswa wokoqobo. =.
I-algorithm ke iqwalasela = Π² x=x. Njengo x phambi kwayo, inokudityaniswa nokuba yeyiphi kwezi zibini eziphezulu ukusuka kwimo 1 ukuya kwimo 1 okanye ukusuka kwiphondo 2 ukuya kwisi-2, kodwa ialgorithm inokutshatisa ingokoqobo. = kwaye uhambe ukusuka kwisi-2 ukuya kwisi-3 (kwaye ngokukhawuleza 4). Oku kuboniswe kwiFig. 3.
I-algorithm ke iqhubela phambili ukuya kweyokugqibela x Π² x=x. Ukusuka kwiphondo 1 kunye no-2 iinguqu ezifanayo zinokwenzeka ukubuyisela kwisi-1 kunye no-2. Ukususela kwisi-3 x inokutshatisa inqaku ekunene kwaye ubuyele kwimo yesi-3.
Kweli nqanaba, umlinganiswa ngamnye x=x kuqwalaselwe, kwaye ukusukela ukuba sifikelele kwinqanaba lesi-4, intetho eqhelekileyo idibana naloo mtya. Umlinganiswa ngamnye ucutshungulwa kube kanye, ngoko ke le algorithm inomgca kubude bomtya wegalelo. Kwaye akukho kubuya umva.
Ngokucacileyo, emva kokufikelela kwimeko yesi-4 (xa i-algorithm ihambelana x=) yonke intetho eqhelekileyo ihambelana, kwaye i-algorithm inokuphelisa ngaphandle kokuyiqwalasela kwaphela x.
Le algorithm ixhomekeke ngokulandelelana kubungakanani bomtya wegalelo.
umthombo: www.habr.com