07-26-2017, 10:45 PM   #7
abatie
Junior Member
Posts: 9
Karma: 10
Join Date: Jul 2017
Device: Kindle
Quote:
Originally Posted by kovidgoyal
Any serious DDoS is not possible to mitigate at an application server level. By the time you get to the application server, the request will already have used up a significant amount of resources. The place to defend against DDoS is at edge routers. In any case, given that calibre is a personal server, I don't exactly see worrying about DDoSes as in its remit.

The best way to protect HTTP application servers in general is to set them up behind a reverse proxy such as nginx. Then you can implement all your safety features/IP bans etc in one place, before any heavy application resources are utilized.
No, you can't deal with DDoS, but you can stop brute force password attacks easily. While I can set up nginx to do this (and have, at work), I doubt that's true of the average calibre user, and it's a lot of work even when you know how to do it. If calibre logs failed login attempts, I can at least use fail2ban, which would be somewhat easier.

While it's not a huge deal if someone gets access to my library, it provides a much larger attack surface to find vulnerabilities in calibre's server if they do get in.
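The fail2ban approach described in this post works by counting authentication failures per client IP inside a time window and banning clients that cross a threshold (fail2ban's maxretry/findtime). As an added example, not code from calibre, fail2ban or this thread, here is that check in Python run over constructed log lines. The log format (`<ISO timestamp> <client IP> <method> <path> <status>`) is an assumption for illustration; calibre's actual log format is not shown in the thread, so the regex would need adjusting to whatever the server really writes.

```python
"""Detect brute-force login attempts from HTTP server log lines.

Added example, not calibre's or fail2ban's code. The log format parsed
here is a constructed, generic one:
    <ISO timestamp> <client IP> <method> <path> <status>
calibre's real log format is not shown on the page, so LINE_RE is an
assumption that must be adapted to the server's actual output.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (RFC 5737 documentation addresses):
# five rapid 401s from one client, two 401s from another that are far
# apart in time, and normal 200 traffic that must never trigger a ban.
SAMPLE_LOG = """\
2017-07-26T22:40:01 203.0.113.7 GET /books 401
2017-07-26T22:40:02 203.0.113.7 GET /books 401
2017-07-26T22:40:02 198.51.100.3 GET /opds 200
2017-07-26T22:40:03 203.0.113.7 GET /books 401
2017-07-26T22:40:03 203.0.113.7 GET /books 401
2017-07-26T22:40:04 203.0.113.7 GET /books 401
2017-07-26T22:40:10 198.51.100.3 GET /opds 401
2017-07-26T22:55:00 198.51.100.3 GET /opds 401
2017-07-26T22:55:01 198.51.100.3 GET /opds 200
"""

# Assumed log layout; adjust for the real server's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Return (timestamp, ip, status) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group("ts")), m.group("ip"), int(m.group("status"))


def find_brute_force(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time_threshold_reached} for clients with at least
    max_failures HTTP 401 responses inside any sliding window of `window`.

    This mirrors fail2ban's maxretry (max_failures) and findtime (window):
    a client with many failures spread over a long period is not banned,
    only one that fails repeatedly within the window.
    """
    recent = defaultdict(deque)  # ip -> timestamps of 401s still inside the window
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line; skip rather than crash on it
        ts, ip, status = parsed
        if status != 401:
            continue  # only authentication failures count
        q = recent[ip]
        q.append(ts)
        # Drop failures older than the window relative to this event.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures and ip not in banned:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in find_brute_force(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

With the defaults, only 203.0.113.7 is flagged (five failures in three seconds); 198.51.100.3's two failures are fifteen minutes apart, so the first has aged out of the window by the time the second arrives. The same shape is what a fail2ban filter expresses declaratively, which is why having the server log each failed login with the client address is the prerequisite the post asks for.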