Important Notice
The tools and scripts provided in this article are solely for testing and educational purposes. They are not intended for commercial use and should not be relied upon for their legality, accuracy, completeness, or effectiveness. Use at your own discretion.
If any individual or organization believes that this content may infringe upon their rights, please notify us promptly with appropriate documentation, and we will remove the relevant information.
All techniques, ideas, and tools discussed here are for security education purposes only. Misuse of this information for illegal activities is prohibited, and we are not liable for any legal consequences arising from such misuse.
Key Concepts
- Application Architecture: Web/APP/Cloud Services/Third-party Services/Load Balancing
- Security Products: CDN/WAF/IDS/IPS/Honeypot/Firewalls/Antivirus
- Penetration Testing Commands: File Upload/Download/Port Services/Reverse Shell
- Packet Capture Techniques: HTTP/TCP/UDP/ICMP/DNS/Packet Analysis/Proxy
- Encryption and Encoding: Data Encoding/Cryptography/Password Protection/Decompiler/Obfuscation
Web Application Firewall (WAF)
Principle: Protects web applications by filtering and blocking malicious traffic.
Impact: Interferes with standard web security testing methods, potentially blocking legitimate tests.
Demonstration: Using the free D盾 firewall software to block unauthorized access to .asp backdoors.
Result:
- Without WAF: .asp backdoors can be accessed normally.
- With WAF: Access to .asp backdoors is blocked.
Content Delivery Network (CDN)
Principle: Distributes content across multiple servers to improve access speed and reliability.
Impact: Hides the origin server's IP address, so penetration-test traffic may be directed at a CDN node instead of the origin server.
Demonstration: Alibaba Cloud CDN acceleration service for a registered domain.
Implementation Steps:
- Prepare a registered domain name.
- Configure domain binding in the control panel.
- Set up CDN acceleration options.
- Add DNS CNAME records for the CDN service.
Object Storage Service (OSS)
Principle: Stores data as objects within buckets, providing scalable and efficient storage solutions.
Why Use Third-party Storage?
- Static files consume significant bandwidth.
- Improves content loading speed.
- Provides cost-effective storage solutions.
Impact:
- Files uploaded or accessed may come from OSS storage, which can complicate testing.
- Files are stored and accessed differently, preventing direct execution of scripts or backend files.
- Security risks such as exposure of access keys must be managed carefully.
Cloudreve Installation: Setting up a hybrid cloud storage system for file sharing and management.
Implementation Steps:
- Deploy the Cloudreve application.
- Log in to the management interface.
- Configure storage settings and access permissions.
- Adjust user group storage attributes for better management.
Alibaba Cloud OSS Configuration:
- Activate OSS service on Alibaba Cloud.
- Create a new storage bucket.
- Set bucket properties and access policies.
- Configure access keys for secure data access.
Security Note: While OSS is secure for data storage, exposure of access keys can lead to unauthorized access and data breaches.
Forward and Reverse Proxy
Forward Proxy: Operates on the client side, enabling clients to access resources indirectly. Often used for bypassing restrictions or accessing blocked content.
Reverse Proxy: Operates on the server side, forwarding client requests to internal servers. Used for load balancing, security, and content delivery optimization.
Principle: Reverse proxies can redirect traffic to different servers or services, masking the real infrastructure from external users.
Impact: Testers may encounter unexpected results as the target server is hidden behind the proxy.
Nginx Configuration for Reverse Proxy:
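# Reverse proxy configuration example (place inside the http { } context)
upstream backend_servers {
    server 192.168.1.100:80;
    server 192.168.1.101:80;
}
server {
    listen 80;
    # Define access rules: forward every request to the upstream group
    location / {
        proxy_pass http://backend_servers;
    }
}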
Load Balancing
Principle: Distributes network traffic across multiple servers to enhance performance and reliability.
Impact: During testing, multiple servers may respond, making it necessary to account for all potential endpoints.
Demonstration: Configuring load balancing with Nginx on Windows Server 2012 using BT Panel.
Configuration Steps:
- Install and set up Nginx on the server.
- Modify load balancing settings in the control panel, adjusting weights to prioritize server access.
- Test the setup by accessing the domain name, which should now distribute traffic across the configured servers.
Example Load Balancing Configuration:
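# Define load balancing group (place inside the http { } context)
# weight=2 receives twice as many requests as weight=1
upstream backend_cluster {
    server 121.43.145.189:80 weight=2;
    server 121.41.59.211:80 weight=1;
}
server {
    listen 80;
    # Configure request routing: send every request to the group
    location / {
        proxy_pass http://backend_cluster;
    }
}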
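The weighted distribution configured above, modeled as an added example (not code from the original article): a simplified Python version of the smooth weighted round-robin selection that nginx's default upstream balancer uses, run over the page's backend_cluster weights. The names SmoothWeightedRR, schedule and requests_to_see_all are illustrative, and backend failures and health checks are assumed away.

```python
# Added example: simplified model of nginx's default upstream selection
# (smooth weighted round-robin). max_fails and health state are ignored.
from collections import Counter

# Upstream group from the page's backend_cluster block: (address, weight)
BACKEND_CLUSTER = [("121.43.145.189:80", 2), ("121.41.59.211:80", 1)]


class SmoothWeightedRR:
    def __init__(self, servers):
        if not servers or any(w <= 0 for _, w in servers):
            raise ValueError("need at least one server, all weights > 0")
        self.servers = list(servers)
        self.current = [0] * len(self.servers)   # per-server running weight
        self.total = sum(w for _, w in self.servers)

    def pick(self):
        """Return the backend address that serves the next request."""
        best = 0
        for i, (_, weight) in enumerate(self.servers):
            self.current[i] += weight
            # Strict comparison: on a tie the earlier server wins.
            if self.current[i] > self.current[best]:
                best = i
        self.current[best] -= self.total
        return self.servers[best][0]


def schedule(servers, requests):
    """Backend chosen for each of `requests` consecutive requests."""
    lb = SmoothWeightedRR(servers)
    return [lb.pick() for _ in range(requests)]


def requests_to_see_all(servers):
    """Consecutive requests needed before every backend has answered once."""
    lb = SmoothWeightedRR(servers)
    seen, count = set(), 0
    while len(seen) < len(servers):
        seen.add(lb.pick())
        count += 1
    return count


if __name__ == "__main__":
    for n, backend in enumerate(schedule(BACKEND_CLUSTER, 6), start=1):
        print(f"request {n} -> {backend}")
    print("hits:", dict(Counter(schedule(BACKEND_CLUSTER, 6))))
    print("requests to reach every backend:", requests_to_see_all(BACKEND_CLUSTER))
```

When verifying a fix or a WAF rule behind such a group, the same check has to be confirmed against each backend, since consecutive requests are answered by different servers.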