On 6/26/26 11:38, Benny Pedersen via users wrote:
Kevin A. McGrail skrev den 2026-06-26 03:53:
Amen

jehova :-)

should it not just be running on 127.0.0.1 ? and create results to live servers presenting the results, it does not need to be 0.0.0.0 while computing imho, lesson learned here


My firsthunch was (and I'm guessing Benny suggests same thing here) is that the RuleQA webserver should not be on the same machine as the actual RuleQA processing stuff, assuming that the DDOS is over HTTP. Maybe an aggressive caching reverse HTTP proxy would be enough?

Then we could allowlist the rsync submitters (at least to an ISP range if a single IP doesn't suffice) and close public access to the RuleQA backend server altogether?

Probably these ideas have already been catered and discarded for reasons beyond my knowledge, but I'm still putting them here in case it might help someone.

Kind regards,
Tom

Reply via email to