retomando el blog

Hace dos años que no posteo y tengo bastantes artículos en la recámara que iré subiendo:
SDN, Seguridad de Red, DDoS recibidos y contramedidas, balanceadores de carga …

He cambiado de servidor dedicado en OVH y he decidido activar SSL, http/2 y HSTS ( ya tocaba … ).

Me he encontrado que el Time to First Byte ha aumentado considerablemente con SSL.

Después de ”jugar” con nginx y diferentes cifrados he conseguido bajar ese TTFB un poco y mantener una calificación A+ en www.ssllabs.com.

Por otro lado, he activado Incapsula como WAF en el cloud. Logs de Incapsula:

Probaré NAXSI ( Nginx Anti XSS & SQL Injection ) https://github.com/nbs-system/naxs, a ver que tal …

TTFB SIN SSL

[root@xavi-test.ofi ~]# while true; do curl -k -s -o /dev/null -w ” DNS Time: %{time_namelookup} Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} Response: %{http_code} \n” http://91.121.143.38/ -H ‘Host: capa3.es’; sleep 1;done

SIN SSL
 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136  Response: 200  
 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136  Response: 200  
 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136  Response: 200  
 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.137  Response: 200  
 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136  Response: 200  
 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136  Response: 200

Con SSL y Incapsula

[root@xavi-test.ofi ~]# while true; do curl -k -s -o /dev/null -w ” DNS Time: %{time_namelookup} Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} Response: %{http_code} \n” https://107.154.112.108 -H ‘Host: capa3.es’; sleep 1;done

Con SSL y Incapsula
 DNS Time: 0.000 Connect: 0.037 TTFB: 0.254 Total time: 0.326  Response: 200  
 DNS Time: 0.000 Connect: 0.037 TTFB: 0.260 Total time: 0.332  Response: 200  
 DNS Time: 0.000 Connect: 0.037 TTFB: 0.249 Total time: 0.321  Response: 200  
 DNS Time: 0.000 Connect: 0.037 TTFB: 0.252 Total time: 0.325  Response: 200  
 DNS Time: 0.000 Connect: 0.037 TTFB: 0.251 Total time: 0.322  Response: 200  
 DNS Time: 0.000 Connect: 0.031 TTFB: 0.234 Total time: 0.294  Response: 200

Con SSL sin Incapsula

[root@xavi-test.ofi ~]# while true; do curl -k -s -o /dev/null -w ” DNS Time: %{time_namelookup} Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} Response: %{http_code} \n” https://ip_omitida -H ‘Host: capa3.es’; sleep 1;done

Con SSL sin Incapsula

 DNS Time: 0.000 Connect: 0.028 TTFB: 0.290 Total time: 0.344  Response: 200  
 DNS Time: 0.000 Connect: 0.028 TTFB: 0.282 Total time: 0.335  Response: 200  
 DNS Time: 0.000 Connect: 0.028 TTFB: 0.278 Total time: 0.332  Response: 200  
 DNS Time: 0.000 Connect: 0.028 TTFB: 0.283 Total time: 0.336  Response: 200  
 DNS Time: 0.000 Connect: 0.028 TTFB: 0.276 Total time: 0.330  Response: 200

capa3.es