Tag: lighttpd
-
Mitigating CVE-2018-6389 WordPress DoS attack with lighttpd
Early in 2018, Barak Tawily published a possible DoS attack for WordPress, that basically works by requesting all possible scripts on the /wp-admin/load-scripts.php, a script that fetches and concatenates javascript files — there’s also a load-styles.php file that does the same for styles. His vulnerability report was rejected by the WordPress team, on the account…
-
Un-breaking lighttpd’s broken mod_access
A client let us know that the server where her company’s site was hosted had an unusually high load. After checking the access log for the web server, it was clear that the cause was repeated access attempts at a single URL, which was not essential to the site. So I though this should be…
-
Por qué y cómo implementar un nombre de dominio canónico
Es bastante frecuente que un cliente tenga el registro de más de un nombre de dominio para su sitio web, así como también que desee que su sitio esté accesible a través de cualquiera de sus dominios… sin embargo, disponibilizar el mismo contenido a través de distintas URL no es una buena idea, sino que…