by jitl 592 days ago
I would expect my web application framework to handle all of these tasks, except perhaps header filtering. If it didn’t I’d rather fix that problem in the web application itself instead of adding a complicating layer of infrastructure that I now need to include in integration tests and release process.

I see some merit to moving the size limits etc out of the application to reduce CPU waste there on overly large requests, but either way I’m still burning some CPUs on it.

Is the use-case for this mostly about sticking some validation in front of a system whose code you can’t or don’t want to modify for some reason, like in front of WordPress?
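The "validation in front of code you can't change" case, as an added example that is not code from the thread or from the project discussed in it: a small WSGI middleware that enforces a body-size cap and strips a few headers before the wrapped application ever runs. The cap, the header list and all names are this example's own assumptions.

```python
"""Added example: a front layer doing size limits and header filtering for a
WSGI app whose code is not modified. Values and names are hypothetical."""
from typing import Callable, Iterable, Optional

MAX_BODY_BYTES = 1 * 1024 * 1024  # 1 MiB cap chosen for the example
# Headers this layer refuses to forward (a constructed list for the example).
DROP_HEADERS = {"HTTP_X_FORWARDED_FOR", "HTTP_X_ORIGINAL_URL", "HTTP_X_REWRITE_URL"}


def check_request(environ: dict, max_body: int = MAX_BODY_BYTES) -> Optional[str]:
    """Return None if the request may pass, else the HTTP status to reject with."""
    raw_len = environ.get("CONTENT_LENGTH", "")
    if raw_len:
        try:
            length = int(raw_len)
        except ValueError:
            return "400 Bad Request"  # malformed Content-Length never reaches the app
        if length < 0:
            return "400 Bad Request"
        if length > max_body:
            return "413 Payload Too Large"  # decided before any body byte is read
    # A chunked body declares no size, so the cap cannot be checked up front;
    # this example refuses such requests rather than reading them to find out.
    if environ.get("HTTP_TRANSFER_ENCODING", "").lower() == "chunked":
        return "411 Length Required"
    return None


def strip_headers(environ: dict) -> dict:
    """Copy of the WSGI environ without the headers this layer drops."""
    return {k: v for k, v in environ.items() if k not in DROP_HEADERS}


class RequestGuard:
    """WSGI middleware: validate first, and only then call the wrapped app."""

    def __init__(self, app: Callable, max_body: int = MAX_BODY_BYTES):
        self.app = app
        self.max_body = max_body

    def __call__(self, environ: dict, start_response: Callable) -> Iterable[bytes]:
        status = check_request(environ, self.max_body)
        if status is not None:
            start_response(status, [("Content-Type", "text/plain")])
            return [status.encode()]  # the wrapped app is never invoked
        return self.app(strip_headers(environ), start_response)
```

Wrap the real application as `RequestGuard(app)` in the WSGI entry point; everything behind it then only sees requests that passed `check_request`, with the dropped headers already removed.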


Yes, I agree that applications themselves should handle requests that are not correct for them. In my experience (maybe not so great :)) I have encountered several times products, even of large corporations, that goofed up with problematic requests and/or payloads in that request. But yes, I agree with you, it is adding an extra layer and complexity to the deployment, but sometimes it is a very convenient tool - for example, as I mentioned before, if you don't want to use off-the-shelf products like apache or nginx, which should do the job and sift out the bad from the good.
I wasn't trying to be dismissive, I really am curious to hear more about those use-cases; it's interesting because it's not something I've experienced or know much about.
We had a problem with a solution from a large international supplier. While doing an external audit (pentesting), we came across vulnerabilities and the possibility of ‘breaking’ the system as a whole (apart from the fact that natively the system did not support service-mesh, which was required by the client...). So, to mitigate the open vulnerabilities and add service-mesh (sort of), we used Apache (httpd), but writing the configuration and figuring out how to patch it well was driving me crazy. That's why this solution was created. If I'm honest, it took me a week to write it, which is about the time I had to solve the problem described earlier. I got the green light from my superiors for something of my own, and that's how this project came about. Plus the fact that I wanted to see how rusty my Python was :)
Big enterprise solution and a custom, not-well-tested solution: it smells like a possibility of failure. But fingers crossed ;)
That's why I can focus on making it even better :)