Reducing DoS attacks by running multi instances of nginx web-server in docker using shell script / Ismail Arif M. Zulkepli, Abidah Mat Taib and Nor Alifah Rosaidi
Denial of Service (DoS) attacks are a common type of attack that affect many websites in today's modern internet. Web-servers and applications are mostly vulnerable to DoS attacks by default and require some extended knowledge to have a good or even a decent level of security. However, with aut...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Book Section |
| Language: | English |
| Published: |
College of Computing, Informatics and Media, UiTM Perlis
2023
|
| Subjects: | |
| Online Access: | https://ir.uitm.edu.my/id/eprint/100839/1/100839.pdf https://ir.uitm.edu.my/id/eprint/100839/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Teknologi Mara |
| Language: | English |
| Summary: | Denial of Service (DoS) attacks are a common type of attack that affect many websites in today's modern internet. Web-servers and applications are mostly vulnerable to DoS attacks by default and require some extended knowledge to have a good or even a decent level of security. However, with automation, web developers would have less time to set-up their servers and have more time developing their websites without compromising their own security. With containerization and load balancing, by using the same machine with the same specs, web-developers will require less time and effort to scale their web-production without sacrificing the security of their web-servers. The engine (nginx) web-server application and reverse proxy has the ability to provide an application-level load balancing. Meanwhile Docker containers can manage many instances of a web-application inside a single web-server with little overhead on system resources unlike their virtual machine counterpart. With these solutions, in addition to automation within a single shell script and a docker compose configuration, the web-server application can be hardened to a higher extend compared to the default configuration of a normal web-server. With attacks such as SYN-flood and HTTP request flood in the wild, the research finds that the automation script has been successful in setting-up the application load balancer as the DoS attacks such as SYN-flood and HTTP request flood attacks has been mitigated. However, there are few enhancements that can be made such as using a ICMP firewall rules and further automation of the web-server application configuration. |
|---|