Hace dos años que no posteo y tengo bastantes artículos en la recámara que iré subiendo:
SDN, Seguridad de Red, DDoS recibidos y contramedidas, balanceadores de carga …
He cambiado de servidor dedicado en OVH y he decidido activar SSL, http/2 y HSTS ( ya tocaba … ).
Me he encontrado que el Time to First Byte ha aumentado considerablemente con SSL.
Después de ”jugar” con nginx y diferentes cifrados he conseguido bajar ese TTFB un poco y mantener una calificación A+ en www.ssllabs.com.
Por otro lado, he activado Incapsula como WAF en el cloud. Logs de Incapsula:
Probaré NAXSI ( Nginx Anti XSS & SQL Injection ) https://github.com/nbs-system/naxs, a ver que tal …
- TTFB SIN SSL
[root@xavi-test.ofi ~]# while true; do curl -k -s -o /dev/null -w ” DNS Time: %{time_namelookup} Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} Response: %{http_code} \n” http://91.121.143.38/ -H ‘Host: capa3.es’; sleep 1;done
SIN SSL DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136 Response: 200 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136 Response: 200 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136 Response: 200 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.137 Response: 200 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136 Response: 200 DNS Time: 0.000 Connect: 0.027 TTFB: 0.056 Total time: 0.136 Response: 200
- Con SSL y Incapsula
[root@xavi-test.ofi ~]# while true; do curl -k -s -o /dev/null -w ” DNS Time: %{time_namelookup} Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} Response: %{http_code} \n” https://107.154.112.108 -H ‘Host: capa3.es’; sleep 1;done
Con SSL y Incapsula DNS Time: 0.000 Connect: 0.037 TTFB: 0.254 Total time: 0.326 Response: 200 DNS Time: 0.000 Connect: 0.037 TTFB: 0.260 Total time: 0.332 Response: 200 DNS Time: 0.000 Connect: 0.037 TTFB: 0.249 Total time: 0.321 Response: 200 DNS Time: 0.000 Connect: 0.037 TTFB: 0.252 Total time: 0.325 Response: 200 DNS Time: 0.000 Connect: 0.037 TTFB: 0.251 Total time: 0.322 Response: 200 DNS Time: 0.000 Connect: 0.031 TTFB: 0.234 Total time: 0.294 Response: 200
- Con SSL sin Incapsula
[root@xavi-test.ofi ~]# while true; do curl -k -s -o /dev/null -w ” DNS Time: %{time_namelookup} Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} Response: %{http_code} \n” https://ip_omitida -H ‘Host: capa3.es’; sleep 1;done
Con SSL sin Incapsula DNS Time: 0.000 Connect: 0.028 TTFB: 0.290 Total time: 0.344 Response: 200 DNS Time: 0.000 Connect: 0.028 TTFB: 0.282 Total time: 0.335 Response: 200 DNS Time: 0.000 Connect: 0.028 TTFB: 0.278 Total time: 0.332 Response: 200 DNS Time: 0.000 Connect: 0.028 TTFB: 0.283 Total time: 0.336 Response: 200 DNS Time: 0.000 Connect: 0.028 TTFB: 0.276 Total time: 0.330 Response: 200