I can see the benefit of splitting off the web server in the case of a DDOS attack but from the perspective of the user of your web site users the application is still down even if the back end app and db server are still running. They can't respond to any requests because they don't get any. So on one physical system or two the application is down and will not be back up until the DDOS attack stops.

Of course this is just one possible attack but for many others the result is the same. The backend server may be protected but if it can't be accessed because the web server component is down.

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Walden H. Leverich
Sent: Wednesday, May 13, 2009 7:32 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] More on iSeries web apps and security

but it seems to me that the best defence is to stop DDOS attacks at a
network level, using routers and firewalls

No argument, but it depend on the DDOS attack. Fair enough, 50K people
doing 1/2 opens should be noticed by a _good_ firewall (how many have
_good_ firewalls?) but what about 50K people issuing valid HTTP requests
for http://yoursite/fakefile.jsp? Harder to see. Point is, we can come
up with a response to anything they throw at us (probably), but they
have to throw it first. Do _you_ want to be the one that says "Gee
sorry, we didn't think of that"

-Walden


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.