> > Hypothetical situation: An organisation would like to provide a storage > solution (S3 API) to its members. The members need to access the > S3 API from the public internet. (There is no VPN). > > Are there any recommendations regarding having RGW facing the public internet? > I'm thinking about the risk of DoS attacks. > (see https://en.wikipedia.org/wiki/Denial-of-service_attack)
I think this is nothing specfic to rgw, any solution you can find on https dos will suffice. I use haproxy and have blocked access from major clouds like aws,azure,google etc. > I would assume that anonymous access to the RGW API needs to be disallowed. > All access should be either authenticated or in the form of a pre-signed URL. Why? I am sharing instruction video's via email like this. _______________________________________________ ceph-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
