Webserver Port #9

Open
opened 1 year ago by DarkFeather · 1 comments
Owner

We need to drop lighttpd for OpenResty for HTTP/2 streaming proxy support. This means all vhosts on lighttpd and the security hardening need to come with.

We need to drop lighttpd for OpenResty for HTTP/2 streaming proxy support. This means all vhosts on lighttpd and the security hardening need to come with.
Poster
Owner

We should include ModSecurity as a Web Application Firewall, to serve in a similar capacity to sshguard.

https://aur.archlinux.org/packages/modsecurity/

This will result in a 3-layer firewalling model for our three externally-facing ports.

  1. Router firewall
  2. Host firewall
  3. Application firewall (sshguard, ModSecurity, IRC z-line)

This need for WAF puts a kink into #12 -- using HA Proxy in this way would break the header and WAF controls we're using today.

We should include ModSecurity as a Web Application Firewall, to serve in a similar capacity to sshguard. https://aur.archlinux.org/packages/modsecurity/ This will result in a 3-layer firewalling model for our three externally-facing ports. 1. Router firewall 1. Host firewall 1. Application firewall (sshguard, ModSecurity, IRC z-line) This need for WAF puts a kink into #12 -- using HA Proxy in this way would break the header and WAF controls we're using today.
DarkFeather added the
RFC
label 1 year ago
Sign in to join this conversation.
No Milestone
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.