18
votes
Accepted
Caching authenticated requests for all users
I've been trying to address a similar issue.
My users need to be authenticated for every request they make.
I've been focusing on getting the users authenticated at least once by the backend app (...
- 296
16
votes
Rate limiting *un*-authenticated requests
However, what about non-logged in (unauthenticated) users? We don't know for sure who they or where the request is coming from exactly, so can't easily rate-limit those requests or..?
There are a ...
- 12.5k
6
votes
Rate limiting *un*-authenticated requests
To know if a request is from an authenticated user or from an anonymous user, you have to necessarily process the request (albeit quickly). This still means your application is vulnerable to a denial ...
- 22.9k
5
votes
Accepted
Why do we need nginx server on top of linux server?
Very roughly: A Linux system speaks UNIX. It gives you the ability to run UNIX programs by offering the syscalls open(), malloc(), socket() etc. etc.
A web server like nginx speaks HTTP - it ...
- 111k
5
votes
Accepted
Understanding the importance of Gunicorn and Nginx for Django web development
This doc mentions
DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone
through security audits or performance tests.
So I guess that's the part where "Django is not designed for real-...
- 3,242
4
votes
Can a web server accept a plain test file upload without additional server side scripting?
Yes, it can. You may add protocols such as WebDAV to your Nginx or IIS, or FTP to IIS (as far as I know, there is no FTP support for Nginx).
Regarding WebDAV, you can map it then as a drive in Windows ...
- 139k
4
votes
Accepted
Why should we not use port 80 during development?
The potential issue with running on port 80 is that it's in the range that requires root access to bind to it (at least in *nix.) The problem with running a server under root is that the impact of ...
- 31.1k
2
votes
creating nodejs apps in php/mysql framework with later on full step by step migration to nodejs in mind
While most folks who ask architecture questions here do so prematurely (they really should be writing some code first to gain a fundamental understanding), I'm going to suggest to you that you should ...
- 201k
2
votes
Accepted
creating nodejs apps in php/mysql framework with later on full step by step migration to nodejs in mind
You may want to consider adding a proxy layer while you are migrating. This provides one URL for your application while specific parts are on separate servers. This is the general approach used by ...
- 46.5k
2
votes
Accepted
Nginx for exposing Docker Swarm services to the Internet?
For a swarm-native reverse proxy, check out Traefik (and the swarm setup docs here). Traefik runs as a docker service on the manager node of the swarm and hooks into docker.socks allowing dynamic ...
- 169
2
votes
Accepted
Design help for web application that will run as separate instances with different content
It seems possible that the missing concept here is that of tenancy. You may be asking a specific instance of "how do I take this app I made and make it a multi-tenant app?"
https://en....
- 330
2
votes
Rate limiting *un*-authenticated requests
In AWS, there are the related services AWS Shield and AWS WAF. They are primarily intended for preventing DDoS attacks but also offer support for rate-limiting based on IP addresses.
In WAF, the ...
- 1,437
2
votes
Can a web server accept a plain test file upload without additional server side scripting?
HTTP is deliberately designed to be generic, so it can be used for lots of different applications. There is no such thing as a "file" in HTTP, so it is impossible for an HTTP server to 'know ...
- 105k
2
votes
Can a web server accept a plain test file upload without additional server side scripting?
Can a web server even accept a file POST, without additional scripting running server side? I.e. do common web servers, Apache, IIS, NGINX etc 'know what to do' with a file upload, out of the box?
...
- 15.3k
1
vote
Accepted
Can a web server accept a plain test file upload without additional server side scripting?
No they don't, you run an application on the webserver which accepts the file and stores it for example in a file or database. There are quite simple examples available for almost any language. If you ...
- 2,884
1
vote
Rate limiting *un*-authenticated requests
One of Cloudflare's main offerings is protection against Denial of Service attacks by providing an intelligent proxy for your API/web server. The basic service is free; they make money off of other ...
- 813
Only top scored, non community-wiki answers of a minimum length are eligible