Hacker News new | ask | show | jobs
by marcinw 5667 days ago
Nice job editing your comment without saying so (" -- although not impossible --" and your last paragraph).

Anyway, your nginx/lighttpd server is more likely to be exploited and compromised via an actual vulnerability rather than your Apache server via a slowloris-style attack. It's akin to putting a wide receiver in front of your runningbacks...
2 comments
FooBarWidget 5667 days ago
I am not aware of Nginx having a bad security track record.
link
tkaemming 5667 days ago
I updated the original comment w/ the original and updated text. Sorry if you saw this as inappropriate — I had updated it before it was upvoted and thought it only clarified the points, not changed it.

Regardless, many deployments use this same technique for just this reason (to avoid spoonfeeding slower clients responses). How is this any more risky than running Apache up front, barring configuration errors (which could just as easily happen with any other server software)?

link