PS: I was doing to some random search and then I got detrusion.com.
- Whats this web application firewall ?
- How it works ?
- Any performance hit, if yes then how much?
- Should I use this destruction.com or anything else better available.
Anybody??
Asked
Active
Viewed 465 times
4
neuro
- 14,948
- 3
- 36
- 59
Mohit Jain
- 43,139
- 57
- 169
- 274
1 Answers
2
I quickly glanced at the code and it doesnt appear to be doing all that much. Basically it maintains a white and black list of IPs. While it cannot be that much of a crazy performance hit you'd probably be better off doing this kind of request analyzing in a Rack middleware, that is before it even gets to the Rails request handling.
That being said, I dont like the fact that it will re-sync every 5 minutes DURING processing a given request. That is, it will block the current request while it re-syncs its ruleset / and lists. Which means that you're at the mercy of the Detrusion.com team to keep their site/API up. So when they go down you go down.
While its not as real-timey, I'd feel more comfortable to have the updating process be out of bound. Maybe you store the rules/lists in a flat file or a local DB (Redis would be perfect) which you load on app start. Then you have a frequent cron which reloads the ruleset from Detrusion and writes it locally.
Something like that. Just anything to de-couple your request handling from a Detrusion API check.
Cody Caughlan
- 32,456
- 5
- 63
- 68
-
can you provide any good tutorial to this.. I really want to know much more in detail.. – Mohit Jain Aug 09 '11 at 22:36