
Re: Thought regarding NGINX and Debian



On Fri Nov 8, 2019 at 10:55 PM Gene Heskett wrote:
> unforch, reinstalling apache2 is not a workable situation because it was  
> built for the repos w/o libwrappers support.  Dumb and forces me to run 
> iptables to block the bots that are DDOSing my site.

Blocking malicious connections with iptables is a *better* solution than
with libwrappers. With libwrappers, your application (apache2) is still
having to do some connection management, even though you're going to
reject the connection. It's still at risk of exploitation if there's a
bad actor and a known vulnerability. iptables does its job before apache2
even sees the connection. And is far, far more flexible.

At this point libwrappers is more of a historical curiosity than an
actively used and developed tool for filtering.
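
The difference described above, as an added example that is not part of the original message: a small Python server that applies a deny list in user space, the way an in-application wrapper check does, after `accept()`. The deny list, the use of loopback as the "hostile" client, and all function names are constructed for illustration; with a packet-filter DROP rule for that address the process would never reach `accept()` at all.

```python
import socket
import threading

# Constructed deny list: loopback stands in for a hostile client address.
DENY = {"127.0.0.1"}


def wrapper_style_server(listener, events):
    """Accept one connection, then apply the deny list in user space."""
    # By the time accept() returns, the kernel has completed the TCP handshake.
    conn, peer = listener.accept()
    events.append(("accepted", peer[0]))
    if peer[0] in DENY:
        # The process has already spent an accept() and now a close() on it.
        events.append(("rejected", peer[0]))
        conn.close()
        return
    conn.sendall(b"hello\n")
    conn.close()


def run_demo():
    """Return (bytes the client received, server-side events)."""
    events = []
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # ephemeral port, loopback only
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=wrapper_style_server, args=(listener, events))
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(5)
    client.connect(("127.0.0.1", port))  # succeeds even though the peer is denied
    data = client.recv(16)               # b"" once the server closes the socket
    client.close()
    worker.join(5)
    listener.close()
    return data, events


if __name__ == "__main__":
    data, events = run_demo()
    print("client received:", data)
    print("server events:  ", events)
```

The client's `connect()` succeeds and the server logs an `accepted` event before the `rejected` one, which is the connection handling the application still performs for traffic it intends to refuse.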

