We need to drop lighttpd for OpenResty for HTTP/2 streaming proxy support. This means all vhosts on lighttpd and the security hardening need to come with.
We should include ModSecurity as a Web Application Firewall, to serve in a similar capacity to sshguard.
https://aur.archlinux.org/packages/modsecurity/
This will result in a 3-layer firewalling model for our three externally-facing ports.
1. Router firewall
1. Host firewall
1. Application firewall (sshguard, ModSecurity, IRC z-line)
This need for WAF puts a kink into #12 -- using HAProxy in this way would break the header and WAF controls we're using today.