Re: Thought regarding NGINX and Debian

To: debian-user@lists.debian.org
Subject: Re: Thought regarding NGINX and Debian
From: Gene Heskett <gheskett@shentel.net>
Date: Sat, 9 Nov 2019 15:47:45 -0500
Message-id: <[🔎] 201911091547.45385.gheskett@shentel.net>
In-reply-to: <[🔎] BYBLJN33ITDB.3M6A228EB8J03@qusp>
References: <[🔎] BYBLJN33ITDB.3M6A228EB8J03@qusp>

On Saturday 09 November 2019 14:01:11 Jonathan Dowland wrote:

> On Fri Nov 8, 2019 at 10:55 PM Gene Heskett wrote:
> > unforch, reinstalling apache2 is not a workable situation because it
> > was built for the repos w/o libwrappers support.  Dumb and forces me
> > to run iptables to block the bots that are DDOSing my site.
>
> Blocking malicious connections with iptables is a *better* solution
> than with libwrappers. With libwrappers, your application (apache2) is
> still having to do some connection management, even though you're
> going to reject the connection. It's still at risk of exploitation if
> there's a bad actor and a known vulnerability. iptables does it job
> before apache2 even sees the connection. And is far, far more
> flexible.
>
> At this point libwrappers is more of a historical curiosity than an
> actively used and developed tool for filtering.

Being more than somewhat behind the times, I've now got that figured out.

Thanks Jonathan.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

References:
- Re: Thought regarding NGINX and Debian
  - From: "Jonathan Dowland" <jon+debian-user@dow.land>

Prev by Date: Re: Thought regarding NGINX and Debian
Next by Date: Re: Thought regarding NGINX and Debian
Previous by thread: Re: Thought regarding NGINX and Debian
Next by thread: UVC device.
Index(es):
- Date
- Thread