RE: Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site.

li...@threecrickets.com] Envoyé : vendredi 24 septembre 2010 20:45 À : discuss@restlet.tigris.org Objet : Re: Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site. Exactly. You would still want two layers for everyday production applications, even if

Re: Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site.

Exactly. You would still want two layers for everyday production applications, even if you have just one Restlet node. Upgrading your app, for example -- you have Varnish show a "under maintenance" screen while you swap out your Restlet nodes. Perhaps it looks appealing to have both layers in t

Re: Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site.

A 2 layer architecture for a public service is useful for a bunch of reasons- load balancing, service availability during upgrades, security, separation of concerns (e.g. segregate apps by workload, offload gzip encoding, ssl endpoint, local static asset caching). Now, I haven't tried this with re

Re: Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site.

I share David's frustration. One of the things that attracted me to Restlet in the first place was the hope that I could throw away all the other processes and do everything in the JVM. Why couldn't I put whatever throttling/defensive logic (that I would otherwise have to put in a separate process)

Re: Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site.

Hi Tal, William- Thanks for your feedback! Regarding putting the JVM behind Apache or some other proxy: well, we're likely to have to use a load-balancer soon, but aside from that, I find it frustrating to put something in front of the JVM- shouldn't java web servers be considered just as robust

Re: Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site.

The Internet is a wild place. :) You will get hits from all kinds of bots, from search engines to trackers of various sorts to spies to malicious attacks. The Internet also has a long memory. Years from now, you will still get hits for pages that have been removed from your application today. You'l

Re: Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site.

On 09/22/2010 12:46 PM, David Fogel wrote: > Ideally we would like to > find a solution that not only reduces our resource utilization, but > perhaps increases the attacker's cost in some manner, so they are more > likely to move on and leave our servers alone. I haven't paid much attention to thi

Best way to deal with bot attacks and vulnerability searches using Restlet for a public webs site.

Hi All- We've been developing our new web site/service using Restlet, and we're getting very close to a full launch. In the process, we've been deploying parts of our site on publicly-accessible servers (mostly Amazon EC2 instances). In addition to the small amount of traffic we're generating ou