SkzBR Posted December 19, 2011 Group: Members Topic Count: 1 Topics Per Day: 0.00 Content Count: 27 Reputation: 5 Joined: 11/19/11 Last Seen: July 30, 2012 Share Posted December 19, 2011 Please, enable https on your server if possible. My company proxy detects some strings on URL and blocks access on some topics, but they can't block https connections. It's bad when you want to read or reply a topic and ends on a blocked page template. I think many people access forums from companies/colleges. Sincerely, SkzBR. Link to comment Share on other sites More sharing options...
KeiKun Posted December 19, 2011 Group: Members Topic Count: 31 Topics Per Day: 0.01 Content Count: 967 Reputation: 53 Joined: 11/13/11 Last Seen: Friday at 08:18 AM Share Posted December 19, 2011 does RA have SSL? Link to comment Share on other sites More sharing options...
Protimus Posted December 19, 2011 Group: Members Topic Count: 13 Topics Per Day: 0.00 Content Count: 198 Reputation: 102 Joined: 11/13/11 Last Seen: May 4, 2014 Share Posted December 19, 2011 (edited) Is need verify if the version of Apache is the latest to enabled HTTPS. There is a new type of apache attack, called 0day. Wich causes traffic congestion due to the encriyption keys are broken. Is better you use a proxy server, it is easier. Edited December 19, 2011 by Protimus 2 Link to comment Share on other sites More sharing options...
Roberto Posted December 22, 2011 Group: Members Topic Count: 0 Topics Per Day: 0 Content Count: 7 Reputation: 1 Joined: 12/06/11 Last Seen: May 6, 2015 Share Posted December 22, 2011 @Protimus This attack '0 day' was fixed by Apache team and released in version 2.2.21 and HTTPS connection cant prevent these attacks. 'http flood' however makes your connection table like TIME_WAIT (command win or linux: netstat -an) turn a fireball and your server be very slow. Assuming than rathena.org apparently is hosted in CloudFlare IMHO that this webhost have an better security to prevent some hack attempts from simple injection to complex types of ddos attacks is also possible round-robin system to loadbalance this website into others webservers. Therefore in the case of rAthena whatever if your webserver with https enabled, CloudFlare prevent these attacks by default and without additional costs. Round-robin servers rathena.org has address 199.27.135.91 rathena.org has address 173.245.60.26 @SkzBR If you use any linux OS you just can use Config&Server Firewall (CSF) [1]. This app just use iptable between CSF to make effective rules. Your subsystem LFD listen your log system and block if found something abnormal. Can you consider to use ModSecurity[2] to your webserver. This module is share compiled with your apache webserver and can make custom rules to prevent some PHP/XSS/SQL/FILE injection and others various hack attempts to your websites. His prevent too some flood attacks like slowris but this last is rarely used. [1] http://configserver.com [2] http://modsecurity.org Link to comment Share on other sites More sharing options...
Brian Posted December 7, 2012 Group: Members Topic Count: 75 Topics Per Day: 0.02 Content Count: 2223 Reputation: 593 Joined: 10/26/11 Last Seen: June 2, 2018 Share Posted December 7, 2012 I agree with this suggestion. Adding HTTPS to CloudFlare will cost $20/month (CloudFlare Pro). I'm not sure if that includes a CloudFlare-issued SSL certificate or if there is an additional fee. Link to comment Share on other sites More sharing options...
Recommended Posts