CPDoS attack makes pages delivered through a CDN unavailable

Researchers from the Universities of Hamburg and Cologne have developed a new attack technique against content delivery networks and caching proxies: CPDoS (Cache-Poisoned Denial-of-Service). The attack lets an adversary make a page inaccessible through cache poisoning.

The problem stems from the fact that a CDN caches not only successfully completed requests, but also cases in which the HTTP server returns an error. As a rule, when a request cannot be processed the server returns only a 400 (Bad Request) error, with the exception of IIS, which returns a 404 (Not Found) error for oversized headers. The standard only permits errors with codes 404 (Not Found), 405 (Method Not Allowed), 410 (Gone) and 501 (Not Implemented) to be cached, but some CDNs also cache responses with code 400 (Bad Request), which depends on the request that was sent.

An attacker can make the origin server return "400 Bad Request" by sending a request whose HTTP headers are formatted in a specific way. The CDN does not take these headers into account, so the "page unavailable" result is cached, and all other valid user requests arriving before the cache entry expires receive the error, even though the origin site serves the content without any problems.

Three attack variants were proposed for forcing the HTTP server to return an error:

  • HMO (HTTP Method Override): the attacker can override the original request method using the "X-HTTP-Method-Override", "X-HTTP-Method" or "X-Method-Override" headers, which some servers honour but the CDN ignores. For example, the original "GET" method can be changed to the "DELETE" method, which is forbidden on the server, or to the "POST" method, which is not applicable to static content;

  • HHO (HTTP Header Oversize): the attacker can choose a header size that exceeds the origin server's limit but stays within the CDN's limits. For example, Apache httpd limits header size to 8 KB, while the Amazon CloudFront CDN allows headers up to 20 KB;

  • HMC (HTTP Meta Character): the attacker can insert special characters (\n, \r, \a) into the request that the origin server treats as invalid but the CDN ignores.

The most exposed is the CloudFront CDN used by Amazon Web Services (AWS). Amazon has now fixed the problem by disabling error caching, but it took the researchers more than three months to get the protection added. The issue also affected Cloudflare, Varnish, Akamai, CDN77 and Fastly, but attacks through them are limited to target servers running IIS, ASP.NET, Flask and Play 1. It is noted that 11% of US Department of Defense domains, 16% of the URLs in the HTTP Archive database and about 30% of the top 500 websites ranked by Alexa could be attacked.

As a workaround on the site side, "Cache-Control: no-store" can be used to forbid caching of the response. In some CDNs, e.g. CloudFront and Akamai, error caching can be disabled at the profile settings level. A web application firewall (WAF) can also be used for protection, but it must be deployed on the CDN side, in front of the caching nodes.
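As an added example (not code from the article or the researchers), the origin-side workaround above as a Python WSGI middleware, with a constructed origin that reproduces the HMO and HHO failure modes so the effect of `no-store` can be checked offline; the demo origin, its 8 KB header limit and the request dictionaries are assumptions for the demo.

```python
"""Origin-side CPDoS workaround as a WSGI middleware. Added example, not code from
the article or the researchers; the demo origin, limits and requests are constructed.
Every error response (status >= 400) gets `Cache-Control: no-store`, so a CDN in
front of the origin will not store it and serve it to other clients."""

def no_store_errors(app):
    """Wrap a WSGI app so every 4xx/5xx response carries Cache-Control: no-store."""
    def wrapped(environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            if int(status.split(" ", 1)[0]) >= 400:
                # Drop any Cache-Control the app set, then forbid storage outright.
                headers = [(k, v) for k, v in headers if k.lower() != "cache-control"]
                headers.append(("Cache-Control", "no-store"))
            return start_response(status, headers, exc_info)
        return app(environ, patched_start_response)
    return wrapped

MAX_HEADER_BYTES = 8192  # constructed origin limit, same size as Apache's default in the article

def demo_app(environ, start_response):
    """Constructed origin that fails the way the article's origins do:
    honours X-HTTP-Method-Override (HMO) and rejects oversized headers (HHO)."""
    method = environ.get("HTTP_X_HTTP_METHOD_OVERRIDE") or environ["REQUEST_METHOD"]
    header_bytes = sum(len(k) + len(v) for k, v in environ.items() if k.startswith("HTTP_"))
    if header_bytes > MAX_HEADER_BYTES:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"header too large"]
    if method != "GET":
        start_response("405 Method Not Allowed", [("Content-Type", "text/plain")])
        return [b"method not allowed"]
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b"static page"]

def call(app, environ):
    """Run one request through a WSGI app; return (status, lower-cased header dict, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = {k.lower(): v for k, v in headers}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

def is_cacheable_error(status, headers):
    """True when an error response lacks no-store, i.e. a CDN could keep serving it."""
    code = int(status.split(" ", 1)[0])
    return code >= 400 and "no-store" not in headers.get("cache-control", "").lower()
```

Wrap the real origin application with `no_store_errors` and use `is_cacheable_error` against responses captured from your own deployment to confirm no error reaches the CDN without `no-store`.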

Source: opennet.ru
