On 6/26/26 11:38, Benny Pedersen via users wrote:
Kevin A. McGrail skrev den 2026-06-26 03:53:
Amen
jehova :-)
should it not just be running on 127.0.0.1 ? and create results to live
servers presenting the results, it does not need to be 0.0.0.0 while
computing imho, lesson learned here
My firsthunch was (and I'm guessing Benny suggests same thing here) is
that the RuleQA webserver should not be on the same machine as the
actual RuleQA processing stuff, assuming that the DDOS is over HTTP.
Maybe an aggressive caching reverse HTTP proxy would be enough?
Then we could allowlist the rsync submitters (at least to an ISP range
if a single IP doesn't suffice) and close public access to the RuleQA
backend server altogether?
Probably these ideas have already been catered and discarded for reasons
beyond my knowledge, but I'm still putting them here in case it might
help someone.
Kind regards,
Tom