Webserver Port #9

New Issue

DarkFeather · 2020-08-27T05:46:24-05:00

DarkFeather commented

2020-08-27 05:46:24 -05:00

We need to drop lighttpd for OpenResty for HTTP/2 streaming proxy support. This means all vhosts on lighttpd and the security hardening need to come with.

DarkFeather commented

2020-11-05 15:33:44 -06:00

Poster

We should include ModSecurity as a Web Application Firewall, to serve in a similar capacity to sshguard.

https://aur.archlinux.org/packages/modsecurity/

This will result in a 3-layer firewalling model for our three externally-facing ports.

Router firewall
Host firewall
Application firewall (sshguard, ModSecurity, IRC z-line)

This need for WAF puts a kink into #12 -- using HA Proxy in this way would break the header and WAF controls we're using today.

We should include ModSecurity as a Web Application Firewall, to serve in a similar capacity to sshguard. https://aur.archlinux.org/packages/modsecurity/ This will result in a 3-layer firewalling model for our three externally-facing ports. 1. Router firewall 1. Host firewall 1. Application firewall (sshguard, ModSecurity, IRC z-line) This need for WAF puts a kink into #12 -- using HA Proxy in this way would break the header and WAF controls we're using today.

DarkFeather added the

RFC

label 2020-11-05 15:33:56 -06:00

DarkFeather added this to the Kanban project 2022-08-04 00:40:39 -05:00

DarkFeather added the

On-hold

label 2022-08-04 00:46:51 -05:00

Sign in to join this conversation.