Real case: helping an education-sector user fend off attackers

In the public cloud, an education-sector user set up a Windows Server 2008 host as the new entry point for a student-facing website. Unfortunately, less than a day after the site went live, it became inaccessible. Today we look at exactly what the problem was and how it was solved.

First, the site's system architecture is very simple

The business architecture is very simple: one webServer plus one SqlServer. The webServer runs IIS 7 and the SqlServer runs Microsoft SQL Server 2005. The webServer's firewall policy opens only ports 3389 (RDP) and 80 (HTTP); the SqlServer accepts connections only from the internal network. (Port 3389 reachable from the internet is itself worth restricting to administrator source addresses, although that is not what failed here.)

Second, where did the problem lie?

1, Traffic exceeded the server's capacity.

The webServer's business capacity is about 4,000 TPS (transactions per second), but the local student user base is more than 100,000 subscribers.

2, The user announced the webServer's source IP directly to end customers, who accessed the site by IP address.

The site's source IP address was exposed directly to the public internet, the equivalent of a nude beach: the site was completely unshielded. Attackers could hit it directly with DDoS, web exploits and other methods. In the internet industry, a site's origin IP address is a secret, not to be disclosed to anyone without authorization.

3, The webServer had been under a sustained TCP connection attack.

Monitoring the webServer's live connections showed it had been under a TCP connection attack for a long time. The same end-user (student-side) source IP address opened connections to the site from consecutive source ports (about 6 successive port numbers per IP address), and nearly 3,000 student-side IP addresses were involved.


Third, the solution

1, For the server performance issue, the only remedy is to scale out.

Because time was tight, only a plan was drawn up for this part; it has not yet been implemented. Proposal: add front-end load balancing and more webServers to raise processing capacity, and split reads from writes to improve back-end capacity.

2, Access the site via a domain name plus a cloud WAF, and replace the site's IP address.

To stop exposing the site directly, it is recommended to replace the site's IP address with a new, temporary one that is never disclosed to end users. Users reach the site only through the domain name; a cloud WAF is purchased for the time being, and the domain's CNAME is pointed at the cloud WAF address.

The cloud firewall in front of the site is then set to allow access only from the cloud WAF, further improving security. Changing the IP only helps while the new address stays unknown; the allowlist on the cloud firewall is what actually stops direct hits, so keep it limited to the WAF vendor's published back-to-origin address ranges and verify that nothing else can still reach port 80.
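The two checks a practitioner would want for the observations above, the consecutive-source-port connection flood from problem 3 and the post-cutover "is the origin still reachable directly" check from solution 2, written as an added example over `netstat -ano` output (this is not code from the original post). The sample netstat rows and the WAF back-to-origin range `192.0.2.0/24` are constructed placeholders; the thresholds (6 connections, a run of 4 consecutive ports) are assumptions based on the "about 6 successive ports per IP" observation.

```python
"""Two checks over `netstat -ano` output from the web server:
(1) one client IP holding many ESTABLISHED connections on a run of
    consecutive source ports (the flood pattern seen in the post), and
(2) after the WAF cutover, port-80 connections that did not come from a
    WAF address, which means the origin IP is still exposed.
Added example, not from the original post. Sample rows and the WAF range
below are constructed placeholders.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Tuple

# Constructed sample of `netstat -ano` (Windows Server 2008 layout).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:80            203.0.113.10:51020     ESTABLISHED     1234
  TCP    10.0.0.5:80            203.0.113.10:51021     ESTABLISHED     1234
  TCP    10.0.0.5:80            203.0.113.10:51022     ESTABLISHED     1234
  TCP    10.0.0.5:80            203.0.113.10:51023     ESTABLISHED     1234
  TCP    10.0.0.5:80            203.0.113.10:51024     ESTABLISHED     1234
  TCP    10.0.0.5:80            203.0.113.10:51025     ESTABLISHED     1234
  TCP    10.0.0.5:80            198.51.100.7:40001     ESTABLISHED     1234
  TCP    10.0.0.5:80            198.51.100.7:40002     ESTABLISHED     1234
  TCP    10.0.0.5:80            198.51.100.7:40003     ESTABLISHED     1234
  TCP    10.0.0.5:80            198.51.100.7:40004     ESTABLISHED     1234
  TCP    10.0.0.5:80            198.51.100.7:40005     ESTABLISHED     1234
  TCP    10.0.0.5:80            198.51.100.7:40006     ESTABLISHED     1234
  TCP    10.0.0.5:80            192.0.2.44:61001       ESTABLISHED     1234
  TCP    10.0.0.5:80            192.0.2.44:61002       ESTABLISHED     1234
  TCP    10.0.0.5:80            192.0.2.44:61005       ESTABLISHED     1234
  TCP    10.0.0.5:80            192.0.2.44:61007       ESTABLISHED     1234
  TCP    10.0.0.5:80            203.0.113.77:52311     ESTABLISHED     1234
  TCP    10.0.0.5:3389          10.0.0.9:49152         ESTABLISHED     800
  TCP    10.0.0.5:80            198.51.100.200:3000    TIME_WAIT       0
"""

# Assumed placeholder for the cloud WAF's back-to-origin range; use the real
# list published by the WAF vendor.
WAF_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

LINE_RE = re.compile(
    r"^\s*TCP\s+(?P<laddr>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<faddr>[\d.]+):(?P<fport>\d+)\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$"
)


class Conn(NamedTuple):
    laddr: str
    lport: int
    faddr: str
    fport: int
    state: str
    pid: int


def parse_netstat(text: str) -> List[Conn]:
    """Parse IPv4 TCP rows; header, UDP and IPv6 rows are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            conns.append(Conn(m["laddr"], int(m["lport"]), m["faddr"],
                              int(m["fport"]), m["state"], int(m["pid"])))
    return conns


def longest_consecutive_run(ports: Iterable[int]) -> int:
    """Length of the longest run of consecutive port numbers (0 if empty)."""
    s = sorted(set(ports))
    best = run = 1 if s else 0
    for prev, cur in zip(s, s[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_connection_floods(conns: List[Conn], service_port: int = 80,
                           min_conns: int = 6, min_run: int = 4
                           ) -> Dict[str, Tuple[int, int]]:
    """Client IPs with >= min_conns ESTABLISHED connections to service_port
    and a run of >= min_run consecutive source ports: ip -> (count, run)."""
    ports_by_ip: Dict[str, List[int]] = defaultdict(list)
    for c in conns:
        if c.lport == service_port and c.state == "ESTABLISHED":
            ports_by_ip[c.faddr].append(c.fport)
    found = {}
    for ip, ports in ports_by_ip.items():
        run = longest_consecutive_run(ports)
        if len(ports) >= min_conns and run >= min_run:
            found[ip] = (len(ports), run)
    return found


def origin_exposure(conns: List[Conn], waf_ranges=WAF_RANGES,
                    service_port: int = 80) -> List[str]:
    """Foreign IPs that reached service_port without coming from a WAF range.
    Every state counts: even a TIME_WAIT row proves the origin was reachable."""
    leaked = set()
    for c in conns:
        if c.lport != service_port:
            continue
        ip = ipaddress.ip_address(c.faddr)
        if not any(ip in net for net in waf_ranges):
            leaked.add(c.faddr)
    return sorted(leaked, key=ipaddress.ip_address)


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for ip, (count, run) in find_connection_floods(conns).items():
        print(f"flood: {ip} holds {count} connections on {run} consecutive ports")
    for ip in origin_exposure(conns):
        print(f"direct hit on origin port 80 from {ip} (not a WAF address)")
```

On the real host, pipe `netstat -ano` into `parse_netstat`. A run of consecutive source ports from one address is a client opening connections back to back and not releasing them; a busy NAT gateway also shows many connections from one IP but with scattered ports, which is why the check requires both the count and the run. After the cutover, `origin_exposure` should return an empty list; anything it reports is a source that still knows the origin address and must be blocked at the cloud firewall.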


With the second measure in place, the business has been running normally.

I hope this article helps you.


Origin blog.csdn.net/qq_29718979/article/details/94055971