Protecting On-prem Web application with WAF and Shield Advanced

0

Hello Experts,

Does anyone have experience with protecting on-premises web applications using WAF and Shield Advanced? The DNS has already been moved to Route 53.

What would be the best practices to consider in the design while implementing this architecture? This will be an early adoption of AWS Cloud services.

3 Answers
0
Accepted Answer

Hello.

To protect your on-premises server, you need to set it up as a CloudFront origin.
If you can set up CloudFront, you can use AWS WAF and AWS Shield.
In other words, it cannot be used unless it is at least configured as a CloudFront origin.
https://aws.amazon.com/shield/faqs/?nc1=h_ls

Q. Can I use AWS Shield to protect web sites not hosted in AWS?

Yes, AWS Shield is integrated with Amazon CloudFront, which supports custom origins outside of AWS.

EXPERT
answered 5 months ago
EXPERT
reviewed 1 month ago
  • I don't know the structure of your website, but I think you can reduce traffic to some extent by caching HTML, images, etc. with CloudFront.
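
The CloudFront setup described in the accepted answer, sketched as a CloudFormation template. This is an added example, not part of the original thread: `origin.example.com`, the resource names and the rate limit of 2000 are placeholder assumptions, and the `AWS::Shield::Protection` resource assumes the account is already subscribed to Shield Advanced.

```yaml
# Added example (not from the thread). Deploy in us-east-1: CLOUDFRONT-scope
# web ACLs must be created there. Hostname, names and limit are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  EdgeWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: onprem-edge-acl
      Scope: CLOUDFRONT            # REGIONAL would be the ALB variant
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: onprem-edge-acl
      Rules:
        - Name: rate-limit-per-ip  # blocks a source IP that exceeds the limit
          Priority: 0
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 2000
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rate-limit-per-ip
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        WebACLId: !GetAtt EdgeWebACL.Arn   # WAFv2 is attached by ARN
        Origins:
          - Id: onprem
            DomainName: origin.example.com # on-premises server as custom origin
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
              OriginSSLProtocols: [TLSv1.2]
        DefaultCacheBehavior:
          TargetOriginId: onprem
          ViewerProtocolPolicy: redirect-to-https
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6  # managed CachingOptimized
  ShieldProtection:
    Type: AWS::Shield::Protection
    Properties:
      Name: onprem-edge-protection
      ResourceArn: !Sub arn:aws:cloudfront::${AWS::AccountId}:distribution/${Distribution}
```

The managed CachingOptimized policy suits static content; paths that depend on cookies or query strings need their own cache behavior and origin request policy.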

0

Thanks, Riku. Are there any best practices to consider to avoid any traffic slowness due to redirection? The on-prem website will have high traffic with year end coming.

answered 5 months ago
0

You can protect your on-prem using either CloudFront or Application Load Balancer (ALB) with AWS WAF WebACL. Accessing your on-prem via a private DX VIF (via ALB) allows you to remove your on-prem completely from the 'internet', and accessing it via a public DX VIF (via CloudFront) allows you to remove it from being accessed from anywhere other than the Amazon network.

  • Pros of using CloudFront - delivers content close to your users at the edge, provides a global CDN allowing caching/compression, gold class L3/4 DDoS protection, overall scale - default limit of 250K RPS per-distribution can be increased on request. If your client base is global, CloudFront may actually improve overall performance (results would vary depending on a variety of factors). Cons - total cost of ownership (TCO) is likely to be higher than using ALB.
  • Pros of using ALB - it's cheaper. Even if you build in your own EC2-based HTTP caching tier, it's possible that TCO will remain lower than CloudFront. Cons - L3/4 mitigation relies on detection; however, ALB will scale to absorb an attack. Regional WAF has a maximum of 25K RPS.
AWS
answered 5 months ago
EXPERT
reviewed 1 month ago
