Comments (9)
OXeu
commented on August 25, 2024
如果直接使用 R2 的话,通常来讲 Cloudflare 的 CDN 是能缓存大部分请求的,应该能在一定程度上防止盗刷?
from rin.
chesha1
commented on August 25, 2024
万一我设置不用缓存,恶意地就是要把你的 r2 访问次数刷完,用 cdn 也没用吧?
最安全的做法还是设置图片的请求只能从你的网页上发起(这样还能顺便防止你的文章被盗),同时加上频控
from rin.
OXeu
commented on August 25, 2024
除了浏览器本地的缓存以外,CDN上也是有缓存的,CDN的缓存是不受请求参数的影响的
只要 CDN 上有缓存且没有过期,请求就不会到达 R2
from rin.
OXeu
commented on August 25, 2024
最安全的做法还是设置图片的请求只能从你的网页上发起(这样还能顺便防止你的文章被盗),同时加上频控
不过确实应该考虑安全性的问题,我思考一下有什么比较好的解决方案没有
from rin.
chesha1
commented on August 25, 2024
我如果我没理解错的话,Cache-Control 是会影响 CDN 的行为的
查询参数确实不重要,设置一下就能防止查询参数变更带来的攻击
from rin.
OXeu
commented on August 25, 2024
Cache-Control 是源服务器(这里是 R2)的响应头中的参数,不是请求参数
from rin.
chesha1
commented on August 25, 2024
我在 16:30 的时候,密集地请求了 100 次某个图片,麻烦到 r2 的 metrics 里看下,是否请求确实没有打到 r2 的文件上
from rin.
OXeu
commented on August 25, 2024
16:30 前后的 B 类请求次数维持在较低水平,最高点位于 16:18 分有 33 次
from rin.
chesha1
commented on August 25, 2024
那应该是没打到 r2 上,感谢你提供的结果,如果将来有好的防盗刷设计,或者在 rin 里已经完成完整的防盗刷实现了,麻烦@我一下
from rin.
Related Issues (20)
- [Bug] Toc 目录跳转被导航遮挡
- [Feature Request] 关闭评论功能 HOT 1
- [Bug] Toc目录树过长无法点击
- [Bug] 光标位置不对 HOT 4
- [Feature Request] 偶然发现obsidian的同步插件可以使用r2桶,那么是否可以直接调用r2桶来发布本地写好的笔记呢 HOT 2
- 上传图片失败 HOT 20
- [Help] 希望更新本地dev教程 HOT 3
- [Help] 问题描述rss出现错误提示Fetch API cannot load: imagerin.8072211.xyz/cache/rss.xml HOT 10
- [Help] 救命,无法登录 HOT 4
- [Feature Request] 之后会更新近期动态之类的功能嘛 HOT 1
- 手机上访问显示白屏,但是没有报错 HOT 5
- [Help] SEO Workflow 部署失败 HOT 2
- 同步了你的仓库后部署失败了 HOT 2
- [Feature Request] Add OAuth2 login
- [Help] 部署后端错误500 HOT 1
- [Help] 问题描述 HOT 1
- [Help] 文章备份 HOT 1
- [Help] 问题描述 HOT 2
- [Help] 问题描述:部署完成后登录git跳转页面NOT find HOT 2
- [Help] 问题描述 发布时出现D1_error错误(附图) HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rin.