... It works by sending tons of HTTP requests using different parameter value pairs each time, to bypass caching servers like Varnish. Ultimately it’s not a good idea to ever use this kind of code as an adversary because it would be flooding from their own IP address. ....
Hiawatha already has several flood-blocking options, so this should not be much of a problem.
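To make the traffic pattern in the quoted description concrete from the defender's side, here is an added example (not part of the thread and not Hiawatha code) that flags a client requesting one path with many distinct query strings in a short window. The combined-log-style line format, the window and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed format: client IP, two ignored fields, [timestamp], "METHOD target ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def find_cache_busters(lines, window=timedelta(seconds=10), threshold=5):
    """Return the (ip, path) pairs where one client hit one path with at
    least `threshold` distinct query strings inside `window`."""
    seen = defaultdict(list)   # (ip, path) -> [(timestamp, query), ...]
    flagged = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue           # skip lines that do not parse
        ip, ts, target = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        url = urlsplit(target)
        key = (ip, url.path)
        hits = seen[key]
        hits.append((when, url.query))
        # Keep only the hits that are still inside the sliding window.
        while when - hits[0][0] > window:
            hits.pop(0)
        # A normal client repeats the same few URLs; a cache-busting
        # flood produces a new query string on almost every request.
        if len({query for _, query in hits}) >= threshold:
            flagged.add(key)
    return flagged

def _line(ip, sec, target):
    """Build one constructed log line (documentation-range IPs only)."""
    return f'{ip} - - [18/Dec/2014:11:00:{sec:02d} +0000] "GET {target} HTTP/1.1" 200 512'

SAMPLE = (
    # Constructed: 8 requests in 8 seconds, every query string different.
    [_line("192.0.2.10", s, f"/index.php?x{s}=v{s}") for s in range(8)]
    # Constructed: an ordinary client re-requesting the same cacheable URL.
    + [_line("198.51.100.7", s * 5, "/index.php?page=2") for s in range(8)]
    + [_line("198.51.100.7", 50, "/about?ref=home")]
)

if __name__ == "__main__":
    for ip, path in sorted(find_cache_busters(SAMPLE)):
        print(f"possible cache-busting flood: {ip} -> {path}")
```

Because the flood comes from a single address, as the quoted text notes, per-IP counting like this is enough to single it out.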
J. Lambrecht
18 December 2014, 11:00
Thanks, I got curious if there would be anything to learn from this 'novel attack'.
Hugo Leisink
19 December 2014, 08:06
Perhaps that every feature and functionality you add to your application potentially introduces a weakness.
J. Lambrecht
19 December 2014, 13:41
True. Which is why I'm advocating Hiawatha, it has clear functional goals, a manageable code-base and proves able to perform. It might not be perfect but it's damn close imho.
In the light of the next-web (nosql etc.) I think manageable and secure components will prove essential to providing security as promised.